Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by lilo
CVE-2011-1934 (GCVE-0-2011-1934)
Vulnerability from cvelistv5 – Published: 2019-11-26 21:03 – Updated: 2024-08-06 22:46
VLAI?
Summary
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.
Severity ?
No CVSS data available.
CWE
- lilo.conf world-readable
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1934"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-1934"
},
{
"name": "[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2011/q2/464"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lilo",
"vendor": "lilo",
"versions": [
{
"status": "affected",
"version": "23.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "lilo.conf world-readable",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T21:03:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1934"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-1934"
},
{
"name": "[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://seclists.org/oss-sec/2011/q2/464"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lilo",
"version": {
"version_data": [
{
"version_value": "23.1"
}
]
}
}
]
},
"vendor_name": "lilo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "lilo.conf world-readable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1934",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1934"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-1934",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-1934"
},
{
"name": "[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap",
"refsource": "MLIST",
"url": "https://seclists.org/oss-sec/2011/q2/464"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1934",
"datePublished": "2019-11-26T21:03:19.000Z",
"dateReserved": "2011-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:46:00.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3895 (GCVE-0-2008-3895)
Vulnerability from cvelistv5 – Published: 2008-09-03 14:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2008-08-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"
},
{
"name": "4211",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"
},
{
"name": "4211",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ivizsecurity.com/preboot-patch.html",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495801/100/0/threaded"
},
{
"name": "4211",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3895",
"datePublished": "2008-09-03T14:00:00.000Z",
"dateReserved": "2008-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:53:00.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}