All the vulnerabilites related to novell - suse_linux
cve-2005-4791
Vulnerability from cvelistv5
Published
2006-04-26 22:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/39580 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/15040 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/27771 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=555823&group_id=87005 | x_refsource_CONFIRM | |
| http://www.novell.com/linux/security/advisories/2005_22_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.vupen.com/english/advisories/2007/3965 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:22.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39580"
},
{
"name": "15040",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15040"
},
{
"name": "27771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
},
{
"name": "SUSE-SR:2005:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "ADV-2007-3965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-12-01T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39580"
},
{
"name": "15040",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15040"
},
{
"name": "27771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
},
{
"name": "SUSE-SR:2005:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "ADV-2007-3965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39580",
"refsource": "OSVDB",
"url": "http://osvdb.org/39580"
},
{
"name": "15040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15040"
},
{
"name": "27771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27771"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
},
{
"name": "SUSE-SR:2005:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "ADV-2007-3965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4791",
"datePublished": "2006-04-26T22:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-08T00:01:22.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1297
Vulnerability from cvelistv5
Published
2009-10-23 18:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:109 | vendor-advisory, x_refsource_MANDRIVA | |
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2013:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-11T01:57:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "MDVSA-2013:109",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2009-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2013:109",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
},
{
"name": "SUSE-SR:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2009-1297",
"datePublished": "2009-10-23T18:00:00",
"dateReserved": "2009-04-15T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0803
Vulnerability from cvelistv5
Published
2006-02-23 20:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2006_13_gpg.html | vendor-advisory, x_refsource_SUSE | |
| http://www.novell.com/linux/security/advisories/2006_09_gpg.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/16889 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "16889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SA:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "SUSE-SA:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "16889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2006:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "SUSE-SA:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "16889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0803",
"datePublished": "2006-02-23T20:00:00",
"dateReserved": "2006-02-20T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2025
Vulnerability from cvelistv5
Published
2009-04-09 15:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/34567 | third-party-advisory, x_refsource_SECUNIA | |
| http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34642 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.novell.com/security/cve/CVE-2008-2025.html | x_refsource_CONFIRM | |
| http://osvdb.org/53380 | vdb-entry, x_refsource_OSVDB | |
| http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html | vendor-advisory, x_refsource_SUSE | |
| https://launchpad.net/bugs/cve/2008-2025 | x_refsource_MISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=385273 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34567"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/security/cve/CVE-2008-2025.html"
},
{
"name": "53380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53380"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.net/bugs/cve/2008-2025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=385273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-16T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34567"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/security/cve/CVE-2008-2025.html"
},
{
"name": "53380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53380"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.net/bugs/cve/2008-2025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=385273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34567"
},
{
"name": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml",
"refsource": "CONFIRM",
"url": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "http://support.novell.com/security/cve/CVE-2008-2025.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/security/cve/CVE-2008-2025.html"
},
{
"name": "53380",
"refsource": "OSVDB",
"url": "http://osvdb.org/53380"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "https://launchpad.net/bugs/cve/2008-2025",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/cve/2008-2025"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=385273",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=385273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2025",
"datePublished": "2009-04-09T15:00:00",
"dateReserved": "2008-04-30T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2567
Vulnerability from cvelistv5
Published
2015-04-16 16:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201507-19 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1032121 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201507-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "GLSA-201507-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201507-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2015-2567",
"datePublished": "2015-04-16T16:00:00",
"dateReserved": "2015-03-20T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4636
Vulnerability from cvelistv5
Published
2008-11-27 00:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/32464 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32832 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/50284 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46879 | vdb-entry, x_refsource_XF | |
| http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32464",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32464"
},
{
"name": "32832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32832"
},
{
"name": "50284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50284"
},
{
"name": "yast2backup-backup-command-execution(46879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46879"
},
{
"name": "SUSE-SA:2008:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32464",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32464"
},
{
"name": "32832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32832"
},
{
"name": "50284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50284"
},
{
"name": "yast2backup-backup-command-execution(46879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46879"
},
{
"name": "SUSE-SA:2008:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32464"
},
{
"name": "32832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32832"
},
{
"name": "50284",
"refsource": "OSVDB",
"url": "http://osvdb.org/50284"
},
{
"name": "yast2backup-backup-command-execution(46879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46879"
},
{
"name": "SUSE-SA:2008:054",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4636",
"datePublished": "2008-11-27T00:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0414
Vulnerability from cvelistv5
Published
2013-12-02 02:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=761165 | x_refsource_MISC | |
| http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5145796.html | x_refsource_CONFIRM | |
| https://support.novell.com/security/cve/CVE-2012-0414.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=761165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5145796.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.novell.com/security/cve/CVE-2012-0414.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-02T01:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=761165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5145796.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.novell.com/security/cve/CVE-2012-0414.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=761165",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=761165"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5145796.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5145796.html"
},
{
"name": "https://support.novell.com/security/cve/CVE-2012-0414.html",
"refsource": "CONFIRM",
"url": "https://support.novell.com/security/cve/CVE-2012-0414.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0414",
"datePublished": "2013-12-02T02:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3321
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/20263 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/17290/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.novell.com/linux/security/advisories/2005_62_permissions.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/15182 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22853 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:07.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20263",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20263"
},
{
"name": "17290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17290/"
},
{
"name": "SUSE-SA:2005:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_62_permissions.html"
},
{
"name": "15182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15182"
},
{
"name": "suse-chkstat-bypass-security(22853)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22853"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20263",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20263"
},
{
"name": "17290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17290/"
},
{
"name": "SUSE-SA:2005:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_62_permissions.html"
},
{
"name": "15182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15182"
},
{
"name": "suse-chkstat-bypass-security(22853)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22853"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20263",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20263"
},
{
"name": "17290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17290/"
},
{
"name": "SUSE-SA:2005:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_62_permissions.html"
},
{
"name": "15182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15182"
},
{
"name": "suse-chkstat-bypass-security(22853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22853"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3321",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:07.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2566
Vulnerability from cvelistv5
Published
2015-04-16 16:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201507-19 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1032121 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201507-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "GLSA-201507-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201507-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2015-2566",
"datePublished": "2015-04-16T16:00:00",
"dateReserved": "2015-03-20T00:00:00",
"dateUpdated": "2024-08-06T05:17:27.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1507
Vulnerability from cvelistv5
Published
2010-09-03 19:00
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=591345 | x_refsource_CONFIRM | |
| http://support.novell.com/security/cve/CVE-2010-1507.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/42128 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.novell.com/show_bug.cgi?id=598834 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
},
{
"name": "42128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42128"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance\u0027s image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-03T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
},
{
"name": "42128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42128"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance\u0027s image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=591345",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
},
{
"name": "http://support.novell.com/security/cve/CVE-2010-1507.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
},
{
"name": "42128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42128"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=598834",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1507",
"datePublished": "2010-09-03T19:00:00Z",
"dateReserved": "2010-04-26T00:00:00Z",
"dateUpdated": "2024-09-16T17:08:35.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4790
Vulnerability from cvelistv5
Published
2006-04-26 22:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:22.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
},
{
"name": "27621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27621"
},
{
"name": "27608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27608"
},
{
"name": "28672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
},
{
"name": "MDVSA-2008:064",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
},
{
"name": "39578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39578"
},
{
"name": "27799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
},
{
"name": "26480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26480"
},
{
"name": "SUSE-SR:2005:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "28339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28339"
},
{
"name": "GLSA-200711-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
},
{
"name": "39577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39577"
},
{
"name": "25341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25341"
},
{
"name": "FEDORA-2007-3011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
},
{
"name": "USN-560-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/560-1/"
},
{
"name": "FEDORA-2007-3792",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
},
{
"name": "tomboy-ldlibrarypath-privilege-escalation(36054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
},
{
"name": "GLSA-200801-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
},
{
"name": "27621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27621"
},
{
"name": "27608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27608"
},
{
"name": "28672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
},
{
"name": "MDVSA-2008:064",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
},
{
"name": "39578",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39578"
},
{
"name": "27799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
},
{
"name": "26480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26480"
},
{
"name": "SUSE-SR:2005:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "28339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28339"
},
{
"name": "GLSA-200711-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
},
{
"name": "39577",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39577"
},
{
"name": "25341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25341"
},
{
"name": "FEDORA-2007-3011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
},
{
"name": "USN-560-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/560-1/"
},
{
"name": "FEDORA-2007-3792",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
},
{
"name": "tomboy-ldlibrarypath-privilege-escalation(36054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
},
{
"name": "GLSA-200801-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=188806",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=199841",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
},
{
"name": "27621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27621"
},
{
"name": "27608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27608"
},
{
"name": "28672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28672"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=485224",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
},
{
"name": "MDVSA-2008:064",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
},
{
"name": "39578",
"refsource": "OSVDB",
"url": "http://osvdb.org/39578"
},
{
"name": "27799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27799"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=362941",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=189249",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
},
{
"name": "26480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26480"
},
{
"name": "SUSE-SR:2005:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "28339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28339"
},
{
"name": "GLSA-200711-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
},
{
"name": "39577",
"refsource": "OSVDB",
"url": "http://osvdb.org/39577"
},
{
"name": "25341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25341"
},
{
"name": "FEDORA-2007-3011",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
},
{
"name": "USN-560-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/560-1/"
},
{
"name": "FEDORA-2007-3792",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
},
{
"name": "tomboy-ldlibrarypath-privilege-escalation(36054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
},
{
"name": "GLSA-200801-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4790",
"datePublished": "2006-04-26T22:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-08T00:01:22.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4394
Vulnerability from cvelistv5
Published
2007-08-17 22:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46404 | vdb-entry, x_refsource_OSVDB | |
| http://www.novell.com/linux/security/advisories/2007_16_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/26395 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46404",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46404"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a \"core clean\" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46404",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46404"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26395"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a \"core clean\" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46404",
"refsource": "OSVDB",
"url": "http://osvdb.org/46404"
},
{
"name": "SUSE-SR:2007:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "26395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26395"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4394",
"datePublished": "2007-08-17T22:00:00",
"dateReserved": "2007-08-17T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4432
Vulnerability from cvelistv5
Published
2007-08-20 19:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46783 | vdb-entry, x_refsource_OSVDB | |
| http://www.novell.com/linux/security/advisories/2007_17_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/26543 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/46781 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/46784 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/46782 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46783",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46783"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26543"
},
{
"name": "46781",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46781"
},
{
"name": "46784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46784"
},
{
"name": "46782",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46783",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46783"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26543"
},
{
"name": "46781",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46781"
},
{
"name": "46784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46784"
},
{
"name": "46782",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46783",
"refsource": "OSVDB",
"url": "http://osvdb.org/46783"
},
{
"name": "SUSE-SR:2007:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26543"
},
{
"name": "46781",
"refsource": "OSVDB",
"url": "http://osvdb.org/46781"
},
{
"name": "46784",
"refsource": "OSVDB",
"url": "http://osvdb.org/46784"
},
{
"name": "46782",
"refsource": "OSVDB",
"url": "http://osvdb.org/46782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4432",
"datePublished": "2007-08-20T19:00:00",
"dateReserved": "2007-08-20T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5229
Vulnerability from cvelistv5
Published
2006-10-10 23:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/25979 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/448702/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/448025/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/448156/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2007/2545 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/20418 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/448108/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/32721 | vdb-entry, x_refsource_OSVDB | |
| http://www.sybsecurity.com/hack-proventia-1.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25979"
},
{
"name": "20061014 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"name": "20061009 yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"name": "20061010 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"name": "ADV-2007-2545",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"name": "20418",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20418"
},
{
"name": "20061009 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"name": "32721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25979"
},
{
"name": "20061014 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"name": "20061009 yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"name": "20061010 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"name": "ADV-2007-2545",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"name": "20418",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20418"
},
{
"name": "20061009 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"name": "32721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25979"
},
{
"name": "20061014 Re: yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"name": "20061009 yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"name": "20061010 Re: yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"name": "ADV-2007-2545",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"name": "20418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20418"
},
{
"name": "20061009 Re: yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"name": "32721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32721"
},
{
"name": "http://www.sybsecurity.com/hack-proventia-1.pdf",
"refsource": "MISC",
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5229",
"datePublished": "2006-10-10T23:00:00",
"dateReserved": "2006-10-10T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3912
Vulnerability from cvelistv5
Published
2011-01-12 23:00
Modified
2024-08-07 03:26
Severity ?
EPSS score ?
Summary
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html | vendor-advisory, x_refsource_SUSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64690 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/42877 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/70405 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2011/0076 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "suse-linux-supportconfig-unspecified(64690)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "70405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70405"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "suse-linux-supportconfig-unspecified(64690)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42877"
},
{
"name": "70405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70405"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "suse-linux-supportconfig-unspecified(64690)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
},
{
"name": "42877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42877"
},
{
"name": "70405",
"refsource": "OSVDB",
"url": "http://osvdb.org/70405"
},
{
"name": "ADV-2011-0076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3912",
"datePublished": "2011-01-12T23:00:00",
"dateReserved": "2010-10-12T00:00:00",
"dateUpdated": "2024-08-07T03:26:12.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4854
Vulnerability from cvelistv5
Published
2013-07-26 23:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:39.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2013-13863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"name": "HPSBUX02926",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01015"
},
{
"name": "APPLE-SA-2014-10-16-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "54134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54134"
},
{
"name": "MDVSA-2013:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name": "54185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54185"
},
{
"name": "FreeBSD-SA-13:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01016"
},
{
"name": "oval:org.mitre.oval:def:19561",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"name": "FEDORA-2013-13831",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"name": "54207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54207"
},
{
"name": "openSUSE-SU-2013:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "isc-bind-cve20134854-dos(86004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"name": "RHSA-2013:1114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"name": "61479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61479"
},
{
"name": "54323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54323"
},
{
"name": "SUSE-SU-2013:1310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"name": "54211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54211"
},
{
"name": "USN-1910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"name": "DSA-2728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"name": "1028838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028838"
},
{
"name": "RHSA-2013:1115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"name": "SSRT101281",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "54432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2013-13863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"name": "HPSBUX02926",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01015"
},
{
"name": "APPLE-SA-2014-10-16-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "54134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54134"
},
{
"name": "MDVSA-2013:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name": "54185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54185"
},
{
"name": "FreeBSD-SA-13:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01016"
},
{
"name": "oval:org.mitre.oval:def:19561",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"name": "FEDORA-2013-13831",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"name": "54207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54207"
},
{
"name": "openSUSE-SU-2013:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "isc-bind-cve20134854-dos(86004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"name": "RHSA-2013:1114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"name": "61479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61479"
},
{
"name": "54323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54323"
},
{
"name": "SUSE-SU-2013:1310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"name": "54211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54211"
},
{
"name": "USN-1910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"name": "DSA-2728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"name": "1028838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028838"
},
{
"name": "RHSA-2013:1115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"name": "SSRT101281",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "54432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2013-13863",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"name": "HPSBUX02926",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "https://kb.isc.org/article/AA-01015",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01015"
},
{
"name": "APPLE-SA-2014-10-16-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "54134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54134"
},
{
"name": "MDVSA-2013:202",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1244",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name": "54185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54185"
},
{
"name": "FreeBSD-SA-13:07",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"name": "https://kb.isc.org/article/AA-01016",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01016"
},
{
"name": "oval:org.mitre.oval:def:19561",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052",
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"name": "FEDORA-2013-13831",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"name": "54207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54207"
},
{
"name": "openSUSE-SU-2013:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"name": "https://support.apple.com/kb/HT6536",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "isc-bind-cve20134854-dos(86004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"name": "RHSA-2013:1114",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"name": "61479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61479"
},
{
"name": "54323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54323"
},
{
"name": "SUSE-SU-2013:1310",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"name": "54211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54211"
},
{
"name": "USN-1910-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"name": "DSA-2728",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"name": "1028838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028838"
},
{
"name": "RHSA-2013:1115",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"name": "SSRT101281",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "54432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4854",
"datePublished": "2013-07-26T23:00:00",
"dateReserved": "2013-07-16T00:00:00",
"dateUpdated": "2024-08-06T16:59:39.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3110
Vulnerability from cvelistv5
Published
2010-10-12 19:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2010:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-12T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SA:2010:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:033",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3110",
"datePublished": "2010-10-12T19:00:00Z",
"dateReserved": "2010-08-24T00:00:00Z",
"dateUpdated": "2024-09-16T22:36:15.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1325
Vulnerability from cvelistv5
Published
2010-09-03 19:00
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=588284 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/42121 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | vendor-advisory, x_refsource_SUSE | |
| http://support.novell.com/security/cve/CVE-2010-1325.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61006 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=588284"
},
{
"name": "42121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42121"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/security/cve/CVE-2010-1325.html"
},
{
"name": "apacheslms-quoting-csrf(61006)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named \"Apache SLMS,\" but that is incorrect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=588284"
},
{
"name": "42121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42121"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/security/cve/CVE-2010-1325.html"
},
{
"name": "apacheslms-quoting-csrf(61006)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named \"Apache SLMS,\" but that is incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=588284",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=588284"
},
{
"name": "42121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42121"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "http://support.novell.com/security/cve/CVE-2010-1325.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/security/cve/CVE-2010-1325.html"
},
{
"name": "apacheslms-quoting-csrf(61006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1325",
"datePublished": "2010-09-03T19:00:00",
"dateReserved": "2010-04-08T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0988
Vulnerability from cvelistv5
Published
2011-04-18 17:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/44039 | third-party-advisory, x_refsource_SECUNIA | |
| https://hermes.opensuse.org/messages/7849430 | vendor-advisory, x_refsource_SUSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66618 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44039"
},
{
"name": "SUSE-SU-2011:0306",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"name": "sles-pureftpd-privilege-escalation(66618)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44039"
},
{
"name": "SUSE-SU-2011:0306",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"name": "sles-pureftpd-privilege-escalation(66618)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44039"
},
{
"name": "SUSE-SU-2011:0306",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"name": "sles-pureftpd-privilege-escalation(66618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0988",
"datePublished": "2011-04-18T17:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1285
Vulnerability from cvelistv5
Published
2007-03-06 20:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/173043"
},
{
"name": "22764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22764"
},
{
"name": "RHSA-2007:0154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
},
{
"name": "26048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26048"
},
{
"name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
},
{
"name": "GLSA-200705-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
},
{
"name": "24941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24941"
},
{
"name": "27864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27864"
},
{
"name": "RHSA-2007:0162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://us2.php.net/releases/4_4_7.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/4_4_8.php"
},
{
"name": "SSA:2008-045-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.4"
},
{
"name": "28936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28936"
},
{
"name": "MDKSA-2007:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
},
{
"name": "USN-549-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/549-1/"
},
{
"name": "24909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24909"
},
{
"name": "MDKSA-2007:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
},
{
"name": "24945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24945"
},
{
"name": "oval:org.mitre.oval:def:11017",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1268"
},
{
"name": "32769",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32769"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://us2.php.net/releases/5_2_2.php"
},
{
"name": "1017771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017771"
},
{
"name": "RHSA-2007:0082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
},
{
"name": "24924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24924"
},
{
"name": "RHSA-2007:0155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
},
{
"name": "24910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-4.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_4.php"
},
{
"name": "MDKSA-2007:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
},
{
"name": "25445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25445"
},
{
"name": "RHSA-2007:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
},
{
"name": "USN-549-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-549-2"
},
{
"name": "26642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26642"
},
{
"name": "MDKSA-2007:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
},
{
"name": "SUSE-SA:2007:044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/173043"
},
{
"name": "22764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22764"
},
{
"name": "RHSA-2007:0154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
},
{
"name": "26048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26048"
},
{
"name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
},
{
"name": "GLSA-200705-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
},
{
"name": "24941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24941"
},
{
"name": "27864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27864"
},
{
"name": "RHSA-2007:0162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://us2.php.net/releases/4_4_7.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/4_4_8.php"
},
{
"name": "SSA:2008-045-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.4"
},
{
"name": "28936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28936"
},
{
"name": "MDKSA-2007:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
},
{
"name": "USN-549-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/549-1/"
},
{
"name": "24909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24909"
},
{
"name": "MDKSA-2007:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
},
{
"name": "24945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24945"
},
{
"name": "oval:org.mitre.oval:def:11017",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1268"
},
{
"name": "32769",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32769"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://us2.php.net/releases/5_2_2.php"
},
{
"name": "1017771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017771"
},
{
"name": "RHSA-2007:0082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
},
{
"name": "24924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24924"
},
{
"name": "RHSA-2007:0155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
},
{
"name": "24910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-4.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_4.php"
},
{
"name": "MDKSA-2007:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
},
{
"name": "25445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25445"
},
{
"name": "RHSA-2007:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
},
{
"name": "USN-549-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-549-2"
},
{
"name": "26642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26642"
},
{
"name": "MDKSA-2007:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
},
{
"name": "SUSE-SA:2007:044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/173043",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/173043"
},
{
"name": "22764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22764"
},
{
"name": "RHSA-2007:0154",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
},
{
"name": "26048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26048"
},
{
"name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
},
{
"name": "GLSA-200705-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
},
{
"name": "24941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24941"
},
{
"name": "27864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27864"
},
{
"name": "RHSA-2007:0162",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
},
{
"name": "http://us2.php.net/releases/4_4_7.php",
"refsource": "CONFIRM",
"url": "http://us2.php.net/releases/4_4_7.php"
},
{
"name": "http://www.php.net/releases/4_4_8.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/4_4_8.php"
},
{
"name": "SSA:2008-045-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.2.4",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.2.4"
},
{
"name": "28936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28936"
},
{
"name": "MDKSA-2007:090",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
},
{
"name": "http://www.php-security.org/MOPB/MOPB-03-2007.html",
"refsource": "MISC",
"url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
},
{
"name": "USN-549-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/549-1/"
},
{
"name": "24909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24909"
},
{
"name": "MDKSA-2007:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
},
{
"name": "24945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24945"
},
{
"name": "oval:org.mitre.oval:def:11017",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
},
{
"name": "https://issues.rpath.com/browse/RPL-1268",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1268"
},
{
"name": "32769",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32769"
},
{
"name": "http://us2.php.net/releases/5_2_2.php",
"refsource": "CONFIRM",
"url": "http://us2.php.net/releases/5_2_2.php"
},
{
"name": "1017771",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017771"
},
{
"name": "RHSA-2007:0082",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
},
{
"name": "24924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24924"
},
{
"name": "RHSA-2007:0155",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
},
{
"name": "24910",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24910"
},
{
"name": "http://www.php.net/ChangeLog-4.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-4.php"
},
{
"name": "http://www.php.net/releases/5_2_4.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_4.php"
},
{
"name": "MDKSA-2007:089",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
},
{
"name": "25445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25445"
},
{
"name": "RHSA-2007:0163",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
},
{
"name": "USN-549-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-549-2"
},
{
"name": "26642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26642"
},
{
"name": "MDKSA-2007:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
},
{
"name": "SUSE-SA:2007:044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1285",
"datePublished": "2007-03-06T20:00:00",
"dateReserved": "2007-03-06T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-08-20 19:17
Modified
2024-11-21 00:35
Severity ?
Summary
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10.1 | |
| suse | suse_linux | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC9268E-4A06-4494-BE50-A3B806AD4937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*",
"matchCriteriaId": "DC55429E-B607-402D-A491-0EFE7D522F2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables."
},
{
"lang": "es",
"value": "Vulnerabilidad de b\u00fasqueda en ruta no confiable\r\nen las secuencias de comandos wrapper para los programas (1) rug, (2) zen-updater, (3) zen-installer, y (4) zen-remover sobre SUSE Linux 10.1 y Enterprise 10 permiten a usuarios locales ganar privilegios a trav\u00e9s de modificaciones de variables de entorno (a) LD_LIBRARY_PATH y (b) MONO_GAC_PREFIX."
}
],
"id": "CVE-2007-4432",
"lastModified": "2024-11-21T00:35:35.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-20T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46781"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46782"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46783"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46784"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26543"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10.0 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.1 | |
| suse | suse_linux | 9.1 | |
| suse | suse_linux | 9.2 | |
| suse | suse_linux | 9.2 | |
| suse | suse_linux | 9.3 | |
| suse | suse_linux | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92FB0F1B-80B4-47F9-A54C-51DB7E77CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "D5F98B9A-880E-45F0-8C16-12B22970F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "B905C6E9-5058-4FD7-95B6-CD6AB6B2F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D073E9-E535-4B36-BEF2-8499536E37DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "9C7018E7-F90C-435D-A07A-05A294EA2827",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions."
}
],
"id": "CVE-2005-3321",
"lastModified": "2024-11-21T00:01:37.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17290/"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_62_permissions.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20263"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15182"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17290/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_62_permissions.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22853"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-03 20:00
Modified
2024-11-21 01:14
Severity ?
Summary
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 11 | |
| novell | webyast_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "BB545D91-1C4C-4692-B01A-B8DAE4A958BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:novell:webyast_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA7A74B-DB88-4D3E-8CE9-61E99EFC74FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance\u0027s image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key."
},
{
"lang": "es",
"value": "WebYaST en yast2-webclient en SUSE Linux Enterprise (SLE) v11 en eWebYaST appliance usa una clave secreta fijada que es incrustadaen la imagen del dispositivo, lo que permite a atacantes remotos suplantar las cookies de sesi\u00f3n por conocimiento de esta clave."
}
],
"id": "CVE-2010-1507",
"lastModified": "2024-11-21T01:14:35.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-03T20:00:01.527",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42128"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-17 22:17
Modified
2024-11-21 00:35
Severity ?
Summary
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10.0 | |
| novell | suse_linux | 10.1 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92FB0F1B-80B4-47F9-A54C-51DB7E77CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC9268E-4A06-4494-BE50-A3B806AD4937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "C69ED2AB-9E0D-43B3-90F3-E2E10A5B1773",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a \"core clean\" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en una tarea planificada (cron job) de \"limpieza del n\u00facleo\" creada por el paquete findutils-locate en SUSE Linux 10.0 y 10.1 y Enterprise Server 9 y 10 anterior al 10/08/2007 permite a usuarios locales borrar archivos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2007-4394",
"lastModified": "2024-11-21T00:35:29.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-17T22:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46404"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26395"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2024-11-21 01:56
Severity ?
Summary
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B178BB5-A0DC-4014-A8CC-D89B0E2F9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "1BE753CB-A16D-4605-8640-137CD4A2BB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "5B5F1155-78D6-480B-BC0A-1D36B08D2594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "A11247D0-A33E-4CE5-910A-F38B89C63EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E9478F4E-451D-4B4E-8054-E09522F97C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "87393BF8-9FE3-4501-94CA-A1AA9E38E771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC642B5-ACA4-4764-A9F2-3C87D5D8E9E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "A16CE093-38E0-4274-AD53-B807DE72AF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "2FB97DEB-A0A4-458C-A94B-46B7264AB0F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BFDF6597-7131-4080-BCFC-46032138646C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "881B8C5B-8A66-45AC-85E6-758B8A8153BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "4E2D144E-6A15-4B45-8B15-15B60FB33D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "B5690EC8-66C9-4316-BEAB-C218843F7FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "FBF13572-C341-4FB1-BAFD-AF8F0C5EF510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B1D9F9C-54C2-485F-9B66-4AEA0573BC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "423211E8-A08B-4254-977A-1917AED9B794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "3ABE2712-33E9-45EE-890C-E9FC51D19B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "BD79961B-508F-4A20-AD4D-D766DFB928E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5E5510BF-3D22-49DA-A4C6-2D6204EB37C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1BC4C7-F72B-43DB-B729-018360F4B281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "DB36BD1D-A6AB-4BC8-94C0-FA662622FF26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "DFF83126-E2C8-4156-9C28-7E3005A74E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "97D011B3-D9F3-4BC2-9695-A842148EA6BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC43BF9-5C34-4DF1-846A-E416DE9C7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*",
"matchCriteriaId": "ADD24439-71B4-41AC-85D4-56511445051C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B063AE57-D426-4565-B2D9-ACDB0C16C78E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CCEA5F9A-A308-4573-BBEB-6B210A61D943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D13D4E84-04EB-4843-A1C4-E3265D1DAC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "434AA05B-1A22-474B-BEA3-CACAD78955F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*",
"matchCriteriaId": "E434E995-F554-45A7-A907-EE2725727B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CC599FF2-080F-4545-BA31-6F431AA558AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "78BEBD36-7BD1-4686-BF9A-60B85EBF6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C3407560-6D54-4B1B-9977-AD4F6EB5D6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:*:desktop:*:*:*:*:*",
"matchCriteriaId": "1F04848C-31A0-41DF-815D-C200625D8B2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:*:server:*:*:*:*:*",
"matchCriteriaId": "09D8D0FB-C49A-44AA-B95E-DD82D870A242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dnsco_bind:9.9.3:s1:*:*:*:*:*:*",
"matchCriteriaId": "0AD242CA-7077-4D79-B399-C3517921E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dnsco_bind:9.9.4:s1b1:*:*:*:*:*:*",
"matchCriteriaId": "23EF52C0-4E1B-4B50-9AF2-39FA3ABEB4F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B96B87-F18C-41EF-9A37-7D0842433A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "AFA1AA14-4D4A-45D0-9573-D53C0FFFFF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "F5DE1274-F7A1-4F12-A4F5-1CB1DD5B84E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*",
"matchCriteriaId": "401A7E61-AC3D-417D-97B8-E5E736DC6FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "C7C37F7D-DD28-4C70-A534-A3F434DF4273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "B2EC1F99-85C1-4081-A118-790111741246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85D6C9B7-9D5D-4589-AC83-E6ECB535EBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "043A5E3F-529B-4A9A-8531-184EE6D1942D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "673057D5-256C-4933-B56F-4BF8848323F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C2CE371B-E399-4D74-B46C-3606E4BDA53A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3798A1-134C-4066-A012-10C15F103EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "9CA1AEBE-040C-483A-9850-7DA888FF8075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "B9A33F04-3240-4268-B613-C4876770A30F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91DA33F1-CA29-4EB1-8F95-8CEA71383BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7BE793-7717-4019-8F50-158C309E48B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "9BE322FB-CC6F-46BA-861C-74C16D7FC791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.3:b2:*:*:*:*:*:*",
"matchCriteriaId": "9C322F95-B13A-4495-A87E-9295C0169DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "C267AE8E-A71A-4AE4-BF93-86C43924E477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38A3F698-5E6C-40AC-9DC6-FF7478E0440C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.9.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C7E1293E-82F4-4401-B3AA-7CB73761E163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF1F9EF-01AF-4708-AE02-765360AF3D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9899C87E-2C09-46AE-BC24-1ACF012784CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5ECA1A-D9B4-4ED7-95EC-684E7AA2B765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30C501A1-FE2D-41E7-A5DB-C61D8701B9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB4C0E8-8E50-44B1-BE0C-4C261D9E9730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BD5BFF-260A-4A9E-B0AA-C8B8386B154E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D78E559A-430D-4D50-8A83-58A37D393471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "DD6B2A2E-6E8C-40D7-B29F-1FC9E8B1076B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "0ADB3AF3-5E13-4EC3-AE3C-128DF51E1DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*",
"matchCriteriaId": "213ECCF5-4FE2-4FE8-B84E-A1C9AA98F1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C52A912B-E7C6-484A-8E15-8208C97B8CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D4B097BE-2CA1-4236-AB8F-1151FCC845A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mandriva:business_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2916CC4D-4C4D-4232-AA24-90458181EC25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandriva:enterprise_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0175F23D-071B-4791-9349-C85ABB37BF50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBDD71E-6F17-4EB6-899F-E27A93CDFDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "811D03B2-96A8-47F9-80BE-54228A4108EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B3D4393C-1151-49F9-963B-B6FD88E93814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "25855A5C-302F-4A82-AEC1-8C4C9CB70362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "03E68ACA-0288-4EE5-9250-54711B2E6670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "8D717D3D-F4BF-470B-AC2B-D1234A7303EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "66D259B7-4F9E-43B2-BB1D-3B097D3CDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9DA20E-57EA-49A0-9DB2-E9E0191EC1AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "FCC604FD-A834-4BA7-B1E2-1FCB6A583204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "479D3C6C-1FD7-4DBE-A841-4B58400A89F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "BAF29160-63C2-40D0-BE08-3C8181CD5092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "8DAA3942-0979-4D33-BD52-EF7F0403DFBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39D75F93-B6A7-4D25-8147-25F7F867E5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "B046CE1D-03E1-462F-9762-9269E59BD554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DAC9049D-6284-40F7-9E97-596FEDF9EEDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "10D06B47-911B-4095-ABD2-DDD38E6306F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59428551-218B-4C32-982F-DCDC894E2954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "961E22DC-1467-4A0C-9450-A2E047FCFCFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "DF77CAF5-A8D6-4479-9C4D-A698D26BDC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD318FF1-320B-4311-AF7E-988C023B4938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDCC8861-0655-4180-A083-1516AC441A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*",
"matchCriteriaId": "DB2E6ABE-B1CB-4603-AFC8-BB7BE1AD96B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.5:b2:*:*:*:*:*:*",
"matchCriteriaId": "C8FC8393-5812-4032-A458-80C01248B18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "8DEC5C59-44A6-4B48-A84F-22C080CBE5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87BAA6BD-4677-451B-B012-F3FF6C95B369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E52B0E7-9392-4B08-906F-C47C5CA41044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.8.6:b1:*:*:*:*:*:*",
"matchCriteriaId": "BD8E5645-EAE9-43A5-8845-229C403BF93B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
"matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E752F93D-ED2E-4458-A12E-47EE62C8DCB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F56191B9-387B-4850-BA5F-F73D6AFEFE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7547FBB1-AFE8-4DCB-9B6D-0EB719D26FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64DF28B6-C9FE-44AD-9D09-2F154819AFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*",
"matchCriteriaId": "1A153230-E0BE-4323-AC73-44E8DCD14A1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
},
{
"lang": "es",
"value": "La implementaci\u00f3n RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, 9.8.6b1, 9.9.x anterior a 9.9.3-P2, y 9.9.4b1, y DNSco BIND 9.9.3-S1 anterior a 9.9.3-S1-P1 y 9.9.4-S1b1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y salida de demonio) a trav\u00e9s de una petici\u00f3n con una secci\u00f3n RDATA manipulada que se maneja adecuadamente durante la contrucci\u00f3n de mensaje de log. Ha sido explotada \"in the wild\" en Julio de 2013."
}
],
"id": "CVE-2013-4854",
"lastModified": "2024-11-21T01:56:33.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:37.537",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"source": "cve@mitre.org",
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54134"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54185"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54207"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54211"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54323"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54432"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61479"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028838"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01015"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01016"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/kb/HT6536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT6536"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-23 20:02
Modified
2024-11-21 00:07
Severity ?
Summary
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10.0 | |
| suse | suse_linux | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92FB0F1B-80B4-47F9-A54C-51DB7E77CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D073E9-E535-4B36-BEF2-8499536E37DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used."
}
],
"id": "CVE-2006-0803",
"lastModified": "2024-11-21T00:07:22.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-23T20:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16889"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-16 17:00
Modified
2024-11-21 02:27
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | Third Party Advisory | |
| secalert_us@oracle.com | http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | Vendor Advisory | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1032121 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | https://security.gentoo.org/glsa/201507-19 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032121 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201507-19 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | mysql | * | |
| novell | suse_linux | 11.0 | |
| novell | suse_linux | 11.0 | |
| novell | suse_linux_for_vmware | 11.0 | |
| novell | suse_linux_sdk | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC19DE2-CDE4-4BB4-B2F8-4AA4BFED57BA",
"versionEndIncluding": "5.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:11.0:sp3:*:*:desktop:*:*:*",
"matchCriteriaId": "BA3A8A02-9CA2-44A3-AA2E-D802043EBFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11.0:sp3:*:*:server:*:*:*",
"matchCriteriaId": "959EBEA2-52D2-4509-A32A-00E1FD9B4F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_for_vmware:11.0:sp3:*:*:server:*:*:*",
"matchCriteriaId": "790CE51A-92B7-4F1F-9E59-3630D4E9DAB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_sdk:11.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4AC9F045-61AE-45BB-8B86-FD7B0B7AC34A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Oracle MySQL Server 5.6.23 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Server : Security : Privileges."
}
],
"id": "CVE-2015-2567",
"lastModified": "2024-11-21T02:27:37.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-16T17:00:01.563",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201507-19"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-06 20:19
Modified
2024-11-21 00:27
Severity ?
Summary
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| php | php | * | |
| php | php | * | |
| canonical | ubuntu_linux | 7.10 | |
| novell | suse_linux | 10.0 | |
| novell | suse_linux | 10.1 | |
| suse | linux_enterprise_server | 8 | |
| suse | linux_enterprise_server | 10 | |
| redhat | enterprise_linux_desktop | 3.0 | |
| redhat | enterprise_linux_desktop | 4.0 | |
| redhat | enterprise_linux_server | 2.0 | |
| redhat | enterprise_linux_server | 3.0 | |
| redhat | enterprise_linux_server | 4.0 | |
| redhat | enterprise_linux_workstation | 2.0 | |
| redhat | enterprise_linux_workstation | 3.0 | |
| redhat | enterprise_linux_workstation | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E364C9C-B72A-4010-A112-19EFFBDD7916",
"versionEndExcluding": "4.4.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91370F42-4EA1-445E-913F-34F473CB1905",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92FB0F1B-80B4-47F9-A54C-51DB7E77CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC9268E-4A06-4494-BE50-A3B806AD4937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1E7EFF-1CCA-473B-8D5C-30D59C26DC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29184B59-5756-48DB-930C-69D5CD628548",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9EF63F-DDA3-448B-92D7-27ED92C51FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397313C3-6BF5-4A87-90B3-55678E807171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53A61204-33CE-422F-8285-20A5E98ADF3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FE6DAA-4702-409A-98B6-DE13B12805A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines."
},
{
"lang": "es",
"value": "El motor Zend en PHP versi\u00f3n 4.x anterior a 4.4.7, y versi\u00f3n 5.x anterior a 5.2.2, permite que los atacantes remotos causen una denegaci\u00f3n de servicio (agotamiento de pila y bloqueo de PHP) por medio de matrices profundamente anidadas, que desencadenan una profunda recursi\u00f3n en la variable de rutinas de destrucci\u00f3n."
}
],
"id": "CVE-2007-1285",
"lastModified": "2024-11-21T00:27:57.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2007-03-06T20:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24909"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24910"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24924"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24941"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24945"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25445"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26048"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26642"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27864"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://us2.php.net/releases/4_4_7.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://us2.php.net/releases/5_2_2.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/32769"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/ChangeLog-4.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/releases/4_4_8.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/releases/5_2_4.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/22764"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017771"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-549-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1268"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://launchpad.net/bugs/173043"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/549-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://us2.php.net/releases/4_4_7.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://us2.php.net/releases/5_2_2.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/32769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/ChangeLog-4.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/releases/4_4_8.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.php.net/releases/5_2_4.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/22764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-549-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://launchpad.net/bugs/173043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/549-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-02 04:36
Modified
2024-11-21 01:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_manager | 1.2 | |
| novell | suse_linux | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:suse_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D611DAF0-9F2C-4543-8E84-BBD18499350D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp1:desktop:*:*:*:*:*",
"matchCriteriaId": "26CC3F42-7BC9-4E12-A98C-9CE8CEF3140F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el servicio Spacewalk de SUSE Manager 1.2 para SUSE Linux Enterprise (SLE) 11 SP1 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de un nombre de imagen."
}
],
"id": "CVE-2012-0414",
"lastModified": "2024-11-21T01:34:55.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-02T04:36:26.540",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5145796.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=761165"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.novell.com/security/cve/CVE-2012-0414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5145796.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=761165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.novell.com/security/cve/CVE-2012-0414.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10.0 | |
| suse | suse_linux | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92FB0F1B-80B4-47F9-A54C-51DB7E77CA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D073E9-E535-4B36-BEF2-8499536E37DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions."
}
],
"id": "CVE-2005-4790",
"lastModified": "2024-11-21T00:05:11.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39577"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39578"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26480"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27608"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27621"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28339"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28672"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25341"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/560-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/560-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-23 18:30
Modified
2024-11-21 01:02
Severity ?
Summary
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10 | |
| novell | suse_linux | 11 | |
| opensuse | opensuse | 10.3 | |
| opensuse | opensuse | 11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10:sp2:enterprise:*:*:*:*:*",
"matchCriteriaId": "3DC820C5-6283-4EB7-A5C7-B28EFEFC3926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "BB545D91-1C4C-4692-B01A-B8DAE4A958BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."
},
{
"lang": "es",
"value": "iscsi_discovery en open-iscsi en SUSE openSUSE versi\u00f3n 10.3 hasta la 11.1 y SUSE Linux Enterprise (SLE) versi\u00f3n 10 SP2 y 11, y otros sistemas operativos, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de enlace simb\u00f3lico (symlink) en un archivo temporal no especificado que tiene un nombre predecible."
}
],
"id": "CVE-2009-1297",
"lastModified": "2024-11-21T01:02:07.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-23T18:30:00.267",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
},
{
"source": "security@ubuntu.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92FB0F1B-80B4-47F9-A54C-51DB7E77CA08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee."
}
],
"id": "CVE-2005-4791",
"lastModified": "2024-11-21T00:05:11.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39580"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27771"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15040"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3965"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-09 15:08
Modified
2024-11-21 00:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1B8A83-43A4-4C4F-BB95-4D9CAD882D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A55DDFE1-A8AB-47BB-903E-957FCF3D023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDDD509E-9EBF-483F-9546-A1A3A1A3380E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC81E1A-2779-4FAF-866C-970752CD1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD69FAE-C1A3-4213-824A-7DCCE357EB01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "BB545D91-1C4C-4692-B01A-B8DAE4A958BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\""
},
{
"lang": "es",
"value": "Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Apache Struts anteriores a v1.2.9-162.31.1 en SUSE Linux Enterprise (SLE) v11, anteriores a v1.2.9-108.2 en SUSE openSUSE v10.3, anteriores a v1.2.9-198.2 en SUSE openSUSE v11.0, y anteriores a v1.2.9-162.163.2 en SUSE openSUSE v11.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos, relativo a \"Citando la insuficiencia de par\u00e1metros.\" \r\n"
}
],
"id": "CVE-2008-2025",
"lastModified": "2024-11-21T00:45:54.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-09T15:08:35.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53380"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34567"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34642"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/security/cve/CVE-2008-2025.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=385273"
},
{
"source": "cve@mitre.org",
"url": "https://launchpad.net/bugs/cve/2008-2025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/security/cve/CVE-2008-2025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=385273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/bugs/cve/2008-2025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This is not a security flaw in Struts. Struts has never guaranteed to perform filtering of the untrusted user inputs used as html tag attributes names or values. If user inputs need to be used as part of the tag attributes, the JSP page needs to perform filtering explicitly. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2025",
"lastModified": "2009-10-20T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-10 23:07
Modified
2024-11-21 00:18
Severity ?
Summary
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 4.1 | |
| novell | suse_linux | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4A9CAF-EC05-4822-80C4-86AB74237CA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds."
},
{
"lang": "es",
"value": "OpenSSH portable 4.1 en SUSE Linux, y posiblemente en otras plataformas y versiones, y posiblemente bajo configuraciones limitadas, permite a atacantes remotos determinar nombres de usuario v\u00e1lidos mediante discrepancias de tiempo en las cuales las respuestas tardan m\u00e1s para nombres de usuario v\u00e1lidos que para los inv\u00e1lidos, como ha sido demostrado por sshtime. NOTA: a fecha de 14/10/2006, parece que este problema depende del uso de contrase\u00f1as configuradas manualmente que provoca retrasos procesando /etc/shadow debido a un incremento en el n\u00famero de rondas."
}
],
"id": "CVE-2006-5229",
"lastModified": "2024-11-21T00:18:23.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-10T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25979"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/32721"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20418"
},
{
"source": "cve@mitre.org",
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/32721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2545"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat has been unable to reproduce this flaw and believes that the reporter was experiencing behavior specific to his environment. We will not be releasing update to address this issue.",
"lastModified": "2006-10-11T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-12 20:00
Modified
2024-11-21 01:18
Severity ?
Summary
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 11 | |
| novell | suse_linux | 11 | |
| opensuse | opensuse | 11.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp1:desktop:*:*:*:*:*",
"matchCriteriaId": "26CC3F42-7BC9-4E12-A98C-9CE8CEF3140F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp1:server:*:*:*:*:*",
"matchCriteriaId": "5F6E120A-5FA5-4310-A685-36ABAD81DF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en el m\u00f3dulo Novell Client novfs para el kernel Linux en SUSE Linux Enterprise 11 SP1 y openSUSE 11.3 permite a atacantes locales escalar privilegios mediante vectores no especificados."
}
],
"id": "CVE-2010-3110",
"lastModified": "2024-11-21T01:18:03.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-12T20:00:03.710",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-03 20:00
Modified
2024-11-21 01:14
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_lifecycle_management_server | 1.0 | |
| novell | suse_linux | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:suse_lifecycle_management_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB693F6-A69D-4551-915D-063334219958",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "BB545D91-1C4C-4692-B01A-B8DAE4A958BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named \"Apache SLMS,\" but that is incorrect."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en apache2-slms package en SUSE Lifecycle Management Server (SLMS) v1.0 en SUSE Linux Enterprise (SLE) v11 permite a atacantes remotos secuestar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores relacionados con par\u00e1metros citados inadecuados. NOSE: algunas fuentes reportan que esta vulnerabilidad en un producto llamado \"Apache SLMS,\" pero \u00e9sto es incorrecto."
}
],
"id": "CVE-2010-1325",
"lastModified": "2024-11-21T01:14:09.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-03T20:00:01.293",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/security/cve/CVE-2010-1325.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42121"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=588284"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/security/cve/CVE-2010-1325.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=588284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-18 17:55
Modified
2024-11-21 01:25
Severity ?
Summary
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | 1.0.22 | |
| novell | suse_linux | 10 | |
| novell | suse_linux | 10 | |
| novell | suse_linux | 11 | |
| novell | suse_linux | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "66DC1055-CD1D-48B3-9CC4-40F42C3490A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7BCA5CC9-72F0-46ED-A0DF-611377E2D3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:10:sp4:*:*:*:*:*:*",
"matchCriteriaId": "3D9148F6-3E3A-42D0-B398-B069A683A6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp3:desktop:*:*:*:*:*",
"matchCriteriaId": "7C041069-C3AF-468E-9E20-55974B4B9C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp4:desktop:*:*:*:*:*",
"matchCriteriaId": "0D038A9C-3B15-4E33-BD76-500927801064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "pure-ftpd 1.0.22, tal como se utiliza en SUSE Linux Enterprise Server 10 Service Pack 3 y Service Pack 4, y Enterprise Desktop 10 Service Pack 3 y Service Pack 4, cuando se ejecutan las extensiones OES Netware, crea un directorio en el que todo el mundo puede escribir, lo cual permite a usuarios locales sobrescribir archivos de forma arbitraria y ganar privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-0988",
"lastModified": "2024-11-21T01:25:15.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-18T17:55:01.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44039"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
},
{
"source": "cve@mitre.org",
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/7849430"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-16 17:00
Modified
2024-11-21 02:27
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | Third Party Advisory | |
| secalert_us@oracle.com | http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | Vendor Advisory | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1032121 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | https://security.gentoo.org/glsa/201507-19 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032121 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201507-19 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 11.0 | |
| novell | suse_linux | 11.0 | |
| novell | suse_linux_for_vmware | 11.0 | |
| novell | suse_linux_sdk | 11.0 | |
| oracle | mysql | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:11.0:sp3:*:*:desktop:*:*:*",
"matchCriteriaId": "BA3A8A02-9CA2-44A3-AA2E-D802043EBFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11.0:sp3:*:*:server:*:*:*",
"matchCriteriaId": "959EBEA2-52D2-4509-A32A-00E1FD9B4F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_for_vmware:11.0:sp3:*:*:server:*:*:*",
"matchCriteriaId": "790CE51A-92B7-4F1F-9E59-3630D4E9DAB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_sdk:11.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4AC9F045-61AE-45BB-8B86-FD7B0B7AC34A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88026F8E-06D9-4B34-89CF-C01E2486961D",
"versionEndIncluding": "5.6.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a trav\u00e9s de vectores relacionados con DML."
}
],
"id": "CVE-2015-2566",
"lastModified": "2024-11-21T02:27:37.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:M/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-16T17:00:00.610",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201507-19"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-13 01:00
Modified
2024-11-21 01:19
Severity ?
Summary
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux | 10 | |
| novell | suse_linux | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux:10:sp3:enterprise:*:*:*:*:*",
"matchCriteriaId": "729E4FC1-2207-4773-ACAE-6708B2437223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp1:enterprise:*:*:*:*:*",
"matchCriteriaId": "461BE88B-903C-43E3-A59F-4F3CE00D025B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "La secuencia de comandos en supportconfig en supportutils en el SP3 de SUSE Linux Enterprise v11 Service Pack 1 y 10 no \"disfraza contrase\u00f1as\" en los archivos de configuraci\u00f3n, que tiene un impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2010-3912",
"lastModified": "2024-11-21T01:19:53.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-13T01:00:01.740",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70405"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42877"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}