Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-431
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QFabric 3100 Director versions 12.x",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ScreenOS",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CTPView 7.0R3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2011-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
},
{
"name": "CVE-2013-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
},
{
"name": "CVE-2012-3417",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
},
{
"name": "CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2014-8867",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
},
{
"name": "CVE-2015-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2009-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
},
{
"name": "CVE-2012-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
},
{
"name": "CVE-2010-3433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
},
{
"name": "CVE-2012-5526",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
},
{
"name": "CVE-2010-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
},
{
"name": "CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2007-6067",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
},
{
"name": "CVE-2010-0826",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
},
{
"name": "CVE-2014-8159",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
},
{
"name": "CVE-2010-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
},
{
"name": "CVE-2013-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2010-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
},
{
"name": "CVE-2015-7749",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2010-1168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2014-6450",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2008-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
},
{
"name": "CVE-2012-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2011-1081",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
},
{
"name": "CVE-2009-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
},
{
"name": "CVE-2012-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
},
{
"name": "CVE-2015-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
},
{
"name": "CVE-2013-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2014-6449",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2014-6451",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
},
{
"name": "CVE-2012-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
},
{
"name": "CVE-2014-4345",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
},
{
"name": "CVE-2008-5302",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
},
{
"name": "CVE-2013-6629",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
},
{
"name": "CVE-2014-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
},
{
"name": "CVE-2013-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
},
{
"name": "CVE-2012-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
},
{
"name": "CVE-2007-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2015-7752",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
},
{
"name": "CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"name": "CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"name": "CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"name": "CVE-2007-4772",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
},
{
"name": "CVE-2013-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2008-5303",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2011-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
},
{
"name": "CVE-2015-7748",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
},
{
"name": "CVE-2015-7750",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
},
{
"name": "CVE-2015-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2008-3834",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
},
{
"name": "CVE-2010-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
},
{
"name": "CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"name": "CVE-2011-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
},
{
"name": "CVE-2014-6448",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2010-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
},
{
"name": "CVE-2009-1185",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
},
{
"name": "CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"name": "CVE-2010-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
},
{
"name": "CVE-2010-4530",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
},
{
"name": "CVE-2011-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"name": "CVE-1999-0524",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
},
{
"name": "CVE-2010-4015",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
},
{
"name": "CVE-2011-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
},
{
"name": "CVE-2009-1574",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
},
{
"name": "CVE-2009-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2012-2143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
},
{
"name": "CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-431",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2011-2483 (GCVE-0-2011-2483)
Vulnerability from cvelistv5 – Published: 2011-08-25 14:00 – Updated: 2024-08-06 23:00
VLAI
EPSS
VEX
Summary
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
| URL | Tags |
|---|---|
| http://www.openwall.com/crypt/ | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://support.apple.com/kb/HT5130 | x_refsource_CONFIRM |
| http://php.net/security/crypt_blowfish | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/49241 | vdb-entryx_refsource_BID |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.debian.org/security/2012/dsa-2399 | vendor-advisoryx_refsource_DEBIAN |
| http://www.debian.org/security/2011/dsa-2340 | vendor-advisoryx_refsource_DEBIAN |
| http://www.redhat.com/support/errata/RHSA-2011-13… | vendor-advisoryx_refsource_REDHAT |
| http://www.postgresql.org/docs/8.4/static/release… | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.redhat.com/support/errata/RHSA-2011-13… | vendor-advisoryx_refsource_REDHAT |
| http://www.redhat.com/support/errata/RHSA-2011-14… | vendor-advisoryx_refsource_REDHAT |
| http://www.php.net/ChangeLog-5.php#5.3.7 | x_refsource_CONFIRM |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.php.net/archive/2011.php#id2011-08-18-1 | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://freshmeat.net/projects/crypt_blowfish | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-1229-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2011-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/crypt/"
},
{
"name": "MDVSA-2011:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180"
},
{
"name": "php-cryptblowfish-info-disclosure(69319)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/security/crypt_blowfish"
},
{
"name": "49241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49241"
},
{
"name": "MDVSA-2011:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
},
{
"name": "DSA-2399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2399"
},
{
"name": "DSA-2340",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2340"
},
{
"name": "RHSA-2011:1378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "SUSE-SA:2011:035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html"
},
{
"name": "MDVSA-2011:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
},
{
"name": "RHSA-2011:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html"
},
{
"name": "RHSA-2011:1423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.3.7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
},
{
"name": "MDVSA-2011:179",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://freshmeat.net/projects/crypt_blowfish"
},
{
"name": "USN-1229-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1229-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/crypt/"
},
{
"name": "MDVSA-2011:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180"
},
{
"name": "php-cryptblowfish-info-disclosure(69319)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/security/crypt_blowfish"
},
{
"name": "49241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49241"
},
{
"name": "MDVSA-2011:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
},
{
"name": "DSA-2399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2399"
},
{
"name": "DSA-2340",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2340"
},
{
"name": "RHSA-2011:1378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "SUSE-SA:2011:035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html"
},
{
"name": "MDVSA-2011:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
},
{
"name": "RHSA-2011:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html"
},
{
"name": "RHSA-2011:1423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.3.7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
},
{
"name": "MDVSA-2011:179",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://freshmeat.net/projects/crypt_blowfish"
},
{
"name": "USN-1229-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1229-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/crypt/",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/crypt/"
},
{
"name": "MDVSA-2011:180",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180"
},
{
"name": "php-cryptblowfish-info-disclosure(69319)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "http://php.net/security/crypt_blowfish",
"refsource": "CONFIRM",
"url": "http://php.net/security/crypt_blowfish"
},
{
"name": "49241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49241"
},
{
"name": "MDVSA-2011:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
},
{
"name": "DSA-2399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2399"
},
{
"name": "DSA-2340",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2340"
},
{
"name": "RHSA-2011:1378",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html"
},
{
"name": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "SUSE-SA:2011:035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html"
},
{
"name": "MDVSA-2011:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
},
{
"name": "RHSA-2011:1377",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html"
},
{
"name": "RHSA-2011:1423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.3.7",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.3.7"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "http://www.php.net/archive/2011.php#id2011-08-18-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
},
{
"name": "MDVSA-2011:179",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
},
{
"name": "http://freshmeat.net/projects/crypt_blowfish",
"refsource": "MISC",
"url": "http://freshmeat.net/projects/crypt_blowfish"
},
{
"name": "USN-1229-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1229-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2483",
"datePublished": "2011-08-25T14:00:00.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3597 (GCVE-0-2011-3597)
Vulnerability from cvelistv5 – Published: 2012-01-13 18:00 – Updated: 2024-08-06 23:37
VLAI
EPSS
VEX
Summary
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2011-17… | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=743010 | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://aix.software.ibm.com/aix/efixes/security/p… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1643-1 | vendor-advisoryx_refsource_UBUNTU |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.redhat.com/support/errata/RHSA-2011-14… | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/46279 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/51457 | third-party-advisoryx_refsource_SECUNIA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/49911 | vdb-entryx_refsource_BID |
Date Public
2011-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743010"
},
{
"name": "MDVSA-2012:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "oval:org.mitre.oval:def:19446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"
},
{
"name": "MDVSA-2012:008",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008"
},
{
"name": "RHSA-2011:1424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "46279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46279"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes"
},
{
"name": "49911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743010"
},
{
"name": "MDVSA-2012:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "oval:org.mitre.oval:def:19446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446"
},
{
"name": "MDVSA-2012:008",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008"
},
{
"name": "RHSA-2011:1424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "46279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46279"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes"
},
{
"name": "49911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49911"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3597",
"datePublished": "2012-01-13T18:00:00.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0866 (GCVE-0-2012-0866)
Vulnerability from cvelistv5 – Published: 2012-07-18 23:00 – Updated: 2024-08-06 18:38
VLAI
EPSS
VEX
Summary
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
| URL | Tags |
|---|---|
| http://www.postgresql.org/about/news/1377/ | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/49273 | third-party-advisoryx_refsource_SECUNIA |
| http://rhn.redhat.com/errata/RHSA-2012-0678.html | vendor-advisoryx_refsource_REDHAT |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.postgresql.org/docs/9.0/static/release… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/8.4/static/release… | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2418 | vendor-advisoryx_refsource_DEBIAN |
| http://www.postgresql.org/docs/8.3/static/release… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49272 | third-party-advisoryx_refsource_SECUNIA |
| http://www.postgresql.org/docs/9.1/static/release… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2012-0677.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-updates/2012-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2012-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "MDVSA-2012:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"name": "MDVSA-2012:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
},
{
"name": "49272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49272"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "RHSA-2012:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "MDVSA-2012:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"name": "MDVSA-2012:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
},
{
"name": "49272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49272"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "RHSA-2012:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0866",
"datePublished": "2012-07-18T23:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:15.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0868 (GCVE-0-2012-0868)
Vulnerability from cvelistv5 – Published: 2012-07-18 23:00 – Updated: 2024-08-06 18:38
VLAI
EPSS
VEX
Summary
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://www.postgresql.org/about/news/1377/ | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/49273 | third-party-advisoryx_refsource_SECUNIA |
| http://rhn.redhat.com/errata/RHSA-2012-0678.html | vendor-advisoryx_refsource_REDHAT |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.postgresql.org/docs/9.0/static/release… | x_refsource_CONFIRM |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/8.4/static/release… | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2418 | vendor-advisoryx_refsource_DEBIAN |
| http://www.postgresql.org/docs/8.3/static/release… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49272 | third-party-advisoryx_refsource_SECUNIA |
| http://www.postgresql.org/docs/9.1/static/release… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2012-0677.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-updates/2012-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2012-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "MDVSA-2012:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
},
{
"name": "49272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49272"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "RHSA-2012:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "MDVSA-2012:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
},
{
"name": "49272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49272"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "RHSA-2012:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0868",
"datePublished": "2012-07-18T23:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2143 (GCVE-0-2012-2143)
Vulnerability from cvelistv5 – Published: 2012-07-05 14:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
| URL | Tags |
|---|---|
| http://www.postgresql.org/docs/9.1/static/release… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://security.freebsd.org/advisories/FreeBSD-SA… | vendor-advisoryx_refsource_FREEBSD |
| http://secunia.com/advisories/50718 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=816956 | x_refsource_CONFIRM |
| http://www.postgresql.org/support/security/ | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2491 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id?1026995 | vdb-entryx_refsource_SECTRACK |
| http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/8.3/static/release… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/8.4/static/release… | x_refsource_CONFIRM |
| http://git.postgresql.org/gitweb/?p=postgresql.gi… | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT5501 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2012-1037.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/9.0/static/release… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2012-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2012-1… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/49304 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2012-1… | vendor-advisoryx_refsource_SUSE |
Date Public
2012-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
},
{
"name": "SUSE-SU-2012:0840",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "FreeBSD-SA-12:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50718"
},
{
"name": "FEDORA-2012-8924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name": "FEDORA-2012-8893",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "DSA-2491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2491"
},
{
"name": "1026995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "RHSA-2012:1037",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name": "FEDORA-2012-8915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name": "MDVSA-2012:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "49304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49304"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
},
{
"name": "SUSE-SU-2012:0840",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "FreeBSD-SA-12:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50718"
},
{
"name": "FEDORA-2012-8924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name": "FEDORA-2012-8893",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "DSA-2491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2491"
},
{
"name": "1026995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "RHSA-2012:1037",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name": "FEDORA-2012-8915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name": "MDVSA-2012:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "49304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49304"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
},
{
"name": "SUSE-SU-2012:0840",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "FreeBSD-SA-12:02",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
},
{
"name": "50718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50718"
},
{
"name": "FEDORA-2012-8924",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name": "FEDORA-2012-8893",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=816956",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
},
{
"name": "http://www.postgresql.org/support/security/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "DSA-2491",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2491"
},
{
"name": "1026995",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026995"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34"
},
{
"name": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
},
{
"name": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
},
{
"name": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9",
"refsource": "CONFIRM",
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "RHSA-2012:1037",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name": "FEDORA-2012-8915",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name": "MDVSA-2012:092",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
},
{
"name": "openSUSE-SU-2012:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "49304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49304"
},
{
"name": "openSUSE-SU-2012:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2143",
"datePublished": "2012-07-05T14:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:08.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2697 (GCVE-0-2012-2697)
Vulnerability from cvelistv5 – Published: 2013-02-24 21:00 – Updated: 2024-08-06 19:42
VLAI
EPSS
VEX
Summary
Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/57183 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/89878 | vdb-entryx_refsource_OSVDB |
| http://rhn.redhat.com/errata/RHSA-2013-0132.html | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=831772 | x_refsource_MISC |
Date Public
2013-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57183"
},
{
"name": "89878",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/89878"
},
{
"name": "RHSA-2013:0132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0132.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=831772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent \"mount expiration\" via unspecified vectors related to \"using an LDAP-based automount map.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "57183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57183"
},
{
"name": "89878",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/89878"
},
{
"name": "RHSA-2013:0132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0132.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=831772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2697",
"datePublished": "2013-02-24T21:00:00.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:31.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3417 (GCVE-0-2012-3417)
Vulnerability from cvelistv5 – Published: 2012-08-13 20:00 – Updated: 2024-08-06 20:05
VLAI
EPSS
VEX
Summary
The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://hermes.opensuse.org/messages/15509723 | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=566717 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/07/19/2 | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2013-0120.html | vendor-advisoryx_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2012/07/19/5 | mailing-listx_refsource_MLIST |
| http://linuxquota.git.sourceforge.net/git/gitweb.… | x_refsource_CONFIRM |
| http://sourceforge.net/tracker/?func=detail&aid=2… | x_refsource_CONFIRM |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
Date Public
2009-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:1058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15509723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=566717"
},
{
"name": "[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
},
{
"name": "RHSA-2013:0120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0120.html"
},
{
"name": "[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2012:1058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15509723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=566717"
},
{
"name": "[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
},
{
"name": "RHSA-2013:0120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0120.html"
},
{
"name": "[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3417",
"datePublished": "2012-08-13T20:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3488 (GCVE-0-2012-3488)
Vulnerability from cvelistv5 – Published: 2012-10-03 21:00 – Updated: 2024-08-06 20:05
VLAI
EPSS
VEX
Summary
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
24 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1263.html | vendor-advisoryx_refsource_REDHAT |
| http://www.postgresql.org/docs/9.0/static/release… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/50636 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=849172 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1542-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/50718 | third-party-advisoryx_refsource_SECUNIA |
| http://www.postgresql.org/docs/9.1/static/release… | x_refsource_CONFIRM |
| https://blogs.oracle.com/sunsecurity/entry/multip… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/8.4/static/release… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/8.3/static/release… | x_refsource_CONFIRM |
| http://www.postgresql.org/about/news/1407/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/50635 | third-party-advisoryx_refsource_SECUNIA |
| http://www.postgresql.org/support/security/ | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://secunia.com/advisories/50946 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/55072 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2534 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2012-1264.html | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2012-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2012-1… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/50859 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2012-1… | vendor-advisoryx_refsource_SUSE |
Date Public
2012-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
},
{
"name": "MDVSA-2012:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
},
{
"name": "50636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849172"
},
{
"name": "USN-1542-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1542-1"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50718"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1407/"
},
{
"name": "50635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "50946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50946"
},
{
"name": "55072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55072"
},
{
"name": "DSA-2534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2534"
},
{
"name": "RHSA-2012:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1264.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50859"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
},
{
"name": "MDVSA-2012:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
},
{
"name": "50636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849172"
},
{
"name": "USN-1542-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1542-1"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50718"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1407/"
},
{
"name": "50635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "50946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50946"
},
{
"name": "55072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55072"
},
{
"name": "DSA-2534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2534"
},
{
"name": "RHSA-2012:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1264.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50859"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1263",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
},
{
"name": "MDVSA-2012:139",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
},
{
"name": "50636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50636"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849172"
},
{
"name": "USN-1542-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1542-1"
},
{
"name": "50718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50718"
},
{
"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
},
{
"name": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
},
{
"name": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
},
{
"name": "http://www.postgresql.org/about/news/1407/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1407/"
},
{
"name": "50635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50635"
},
{
"name": "http://www.postgresql.org/support/security/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "APPLE-SA-2013-03-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "50946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50946"
},
{
"name": "55072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55072"
},
{
"name": "DSA-2534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2534"
},
{
"name": "RHSA-2012:1264",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1264.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "openSUSE-SU-2012:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "50859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50859"
},
{
"name": "openSUSE-SU-2012:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3488",
"datePublished": "2012-10-03T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5195 (GCVE-0-2012-5195)
Vulnerability from cvelistv5 – Published: 2012-12-18 00:00 – Updated: 2024-08-06 20:58
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.nntp.perl.org/group/perl.perl5.porters… | mailing-listx_refsource_MLIST |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| https://wiki.mageia.org/en/Support/Advisories/MGA… | x_refsource_CONFIRM |
| http://secunia.com/advisories/55314 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1643-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2012/dsa-2586 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2012/10/26/2 | mailing-listx_refsource_MLIST |
| http://perl5.git.perl.org/perl.git/commit/2709980… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/56287 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/10/27/1 | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2013-0685.html | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://secunia.com/advisories/51457 | third-party-advisoryx_refsource_SECUNIA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
Date Public
2012-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:58:03.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "[oss-security] 20121026 Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/26/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44"
},
{
"name": "56287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56287"
},
{
"name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/27/1"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "[oss-security] 20121026 Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/26/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44"
},
{
"name": "56287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56287"
},
{
"name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/27/1"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2013:113",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113"
},
{
"name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195",
"refsource": "MLIST",
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "USN-1643-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "DSA-2586",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "[oss-security] 20121026 Medium severity flaw with Perl 5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/26/2"
},
{
"name": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44"
},
{
"name": "56287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56287"
},
{
"name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/27/1"
},
{
"name": "RHSA-2013:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "51457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51457"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5195",
"datePublished": "2012-12-18T00:00:00.000Z",
"dateReserved": "2012-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:58:03.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5526 (GCVE-0-2012-5526)
Vulnerability from cvelistv5 – Published: 2012-11-21 23:00 – Updated: 2024-08-06 21:05
VLAI
EPSS
VEX
Summary
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/55314 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/56562 | vdb-entryx_refsource_BID |
| http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1643-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securitytracker.com/id?1027780 | vdb-entryx_refsource_SECTRACK |
| http://www.debian.org/security/2012/dsa-2586 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2013-0685.html | vendor-advisoryx_refsource_REDHAT |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| https://github.com/markstos/CGI.pm/pull/23 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/11/15/6 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/51457 | third-party-advisoryx_refsource_SECUNIA |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
Date Public
2012-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "perl-cgipm-header-injection(80098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "56562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "1027780",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027780"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/markstos/CGI.pm/pull/23"
},
{
"name": "[oss-security] 20121115 Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/15/6"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "perl-cgipm-header-injection(80098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80098"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "56562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes"
},
{
"name": "USN-1643-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1643-1"
},
{
"name": "1027780",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027780"
},
{
"name": "DSA-2586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2586"
},
{
"name": "RHSA-2013:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/markstos/CGI.pm/pull/23"
},
{
"name": "[oss-security] 20121115 Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/15/6"
},
{
"name": "51457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5526",
"datePublished": "2012-11-21T23:00:00.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:47.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…