Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for aura_application_enablement_services by avaya

    CVE-2022-2975 (GCVE-0-2022-2975)

    Vulnerability from nvd – Published: 2022-10-06 00:00 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Avaya Aura Application Enablement Services weak permissions in web application
    Summary
    A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Application Enablement Services Affected: 10.1.x , ≤ 10.1.0.1 (custom)
    Affected: 8.x , ≤ 8.1.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://download.avaya.com/css/public/documents/101083688"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Application Enablement Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.1",
                  "status": "affected",
                  "version": "10.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.3.4",
                  "status": "affected",
                  "version": "8.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101083688"
            }
          ],
          "source": {
            "advisory": "ASA-2022-123",
            "defect": [
              "AES-28952",
              "AES-28953",
              "AES-28954"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Avaya Aura Application Enablement Services weak permissions in web application",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2022-2975",
        "datePublished": "2022-10-06T00:00:00.000Z",
        "dateReserved": "2022-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5285 (GCVE-0-2016-5285)

    Vulnerability from nvd – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
    VLAI
    Summary
    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    Impacted products
    Date Public
    2016-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94349"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3163-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa137"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Services",
              "vendor": "Mozilla",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24"
                }
              ]
            }
          ],
          "datePublic": "2016-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:53:19.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-5285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
                },
                {
                  "name": "http://www.securityfocus.com/bid/94349",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94349"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
                },
                {
                  "name": "https://security.gentoo.org/glsa/201701-46",
                  "refsource": "MISC",
                  "url": "https://security.gentoo.org/glsa/201701-46"
                },
                {
                  "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
                  "refsource": "MISC",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-3163-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-3163-1"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa137",
                  "refsource": "MISC",
                  "url": "https://bto.bluecoat.com/security-advisory/sa137"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-5285",
        "datePublished": "2019-11-15T15:44:05.000Z",
        "dateReserved": "2016-06-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3939 (GCVE-0-2009-3939)

    Vulnerability from nvd – Published: 2009-11-16 19:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/38276 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=526068 x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/38779 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/37019 vdb-entryx_refsource_BID
    http://support.avaya.com/css/P8/documents/100073666 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/37909 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2010/dsa-1996 vendor-advisoryx_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2009/11/13/1 mailing-listx_refsource_MLIST
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2010-0095.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://osvdb.org/60201 vdb-entryx_refsource_OSVDB
    https://rhn.redhat.com/errata/RHSA-2010-0046.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/38017 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/38492 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38276",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38276"
              },
              {
                "name": "SUSE-SA:2009:061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
              },
              {
                "name": "SUSE-SA:2010:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
              },
              {
                "name": "38779",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38779"
              },
              {
                "name": "37019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37019"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100073666"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "name": "37909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37909"
              },
              {
                "name": "SUSE-SA:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
              },
              {
                "name": "SUSE-SA:2009:064",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
              },
              {
                "name": "DSA-1996",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1996"
              },
              {
                "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
              },
              {
                "name": "oval:org.mitre.oval:def:10310",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
              },
              {
                "name": "RHSA-2010:0095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
              },
              {
                "name": "SUSE-SA:2010:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
              },
              {
                "name": "60201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60201"
              },
              {
                "name": "RHSA-2010:0046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
              },
              {
                "name": "oval:org.mitre.oval:def:7540",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
              },
              {
                "name": "SUSE-SA:2010:010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
              },
              {
                "name": "38017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38017"
              },
              {
                "name": "38492",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38492"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38276",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38276"
            },
            {
              "name": "SUSE-SA:2009:061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
            },
            {
              "name": "SUSE-SA:2010:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
            },
            {
              "name": "38779",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38779"
            },
            {
              "name": "37019",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37019"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100073666"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "37909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37909"
            },
            {
              "name": "SUSE-SA:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
            },
            {
              "name": "SUSE-SA:2009:064",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
            },
            {
              "name": "DSA-1996",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1996"
            },
            {
              "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
            },
            {
              "name": "oval:org.mitre.oval:def:10310",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
            },
            {
              "name": "RHSA-2010:0095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "SUSE-SA:2010:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
            },
            {
              "name": "60201",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60201"
            },
            {
              "name": "RHSA-2010:0046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7540",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
            },
            {
              "name": "SUSE-SA:2010:010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
            },
            {
              "name": "38017",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38017"
            },
            {
              "name": "38492",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38492"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38276",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38276"
                },
                {
                  "name": "SUSE-SA:2009:061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
                },
                {
                  "name": "USN-864-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-864-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526068",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
                },
                {
                  "name": "SUSE-SA:2010:001",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
                },
                {
                  "name": "38779",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38779"
                },
                {
                  "name": "37019",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37019"
                },
                {
                  "name": "http://support.avaya.com/css/P8/documents/100073666",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/css/P8/documents/100073666"
                },
                {
                  "name": "SUSE-SA:2010:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
                },
                {
                  "name": "37909",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37909"
                },
                {
                  "name": "SUSE-SA:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
                },
                {
                  "name": "SUSE-SA:2009:064",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
                },
                {
                  "name": "DSA-1996",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1996"
                },
                {
                  "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
                },
                {
                  "name": "oval:org.mitre.oval:def:10310",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
                },
                {
                  "name": "RHSA-2010:0095",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
                },
                {
                  "name": "SUSE-SA:2010:005",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
                },
                {
                  "name": "60201",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60201"
                },
                {
                  "name": "RHSA-2010:0046",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:7540",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
                },
                {
                  "name": "SUSE-SA:2010:010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
                },
                {
                  "name": "38017",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38017"
                },
                {
                  "name": "38492",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38492"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3939",
        "datePublished": "2009-11-16T19:00:00.000Z",
        "dateReserved": "2009-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1058 (GCVE-0-2006-1058)

    Vulnerability from nvd – Published: 2006-04-04 10:00 – Updated: 2024-08-07 16:56
    VLAI
    Summary
    BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/25098 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17330 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/19477 third-party-advisoryx_refsource_SECUNIA
    http://bugs.busybox.net/view.php?id=604 x_refsource_CONFIRM
    http://secunia.com/advisories/25848 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2007-02… vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:56:15.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25098"
              },
              {
                "name": "17330",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17330"
              },
              {
                "name": "oval:org.mitre.oval:def:9483",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483"
              },
              {
                "name": "19477",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19477"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.busybox.net/view.php?id=604"
              },
              {
                "name": "25848",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25848"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm"
              },
              {
                "name": "RHSA-2007:0244",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html"
              },
              {
                "name": "busybox-passwd-weak-security(25569)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "25098",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25098"
            },
            {
              "name": "17330",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17330"
            },
            {
              "name": "oval:org.mitre.oval:def:9483",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483"
            },
            {
              "name": "19477",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19477"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.busybox.net/view.php?id=604"
            },
            {
              "name": "25848",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25848"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm"
            },
            {
              "name": "RHSA-2007:0244",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html"
            },
            {
              "name": "busybox-passwd-weak-security(25569)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-1058",
        "datePublished": "2006-04-04T10:00:00.000Z",
        "dateReserved": "2006-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:56:15.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2975 (GCVE-0-2022-2975)

    Vulnerability from cvelistv5 – Published: 2022-10-06 00:00 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Avaya Aura Application Enablement Services weak permissions in web application
    Summary
    A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Avaya Aura Application Enablement Services Affected: 10.1.x , ≤ 10.1.0.1 (custom)
    Affected: 8.x , ≤ 8.1.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://download.avaya.com/css/public/documents/101083688"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avaya Aura Application Enablement Services",
              "vendor": "Avaya",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.1",
                  "status": "affected",
                  "version": "10.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "8.1.3.4",
                  "status": "affected",
                  "version": "8.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101083688"
            }
          ],
          "source": {
            "advisory": "ASA-2022-123",
            "defect": [
              "AES-28952",
              "AES-28953",
              "AES-28954"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Avaya Aura Application Enablement Services weak permissions in web application",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2022-2975",
        "datePublished": "2022-10-06T00:00:00.000Z",
        "dateReserved": "2022-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5285 (GCVE-0-2016-5285)

    Vulnerability from cvelistv5 – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
    VLAI
    Summary
    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    Impacted products
    Date Public
    2016-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94349"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3163-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa137"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Services",
              "vendor": "Mozilla",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24"
                }
              ]
            }
          ],
          "datePublic": "2016-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:53:19.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-5285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
                },
                {
                  "name": "http://www.securityfocus.com/bid/94349",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94349"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
                },
                {
                  "name": "https://security.gentoo.org/glsa/201701-46",
                  "refsource": "MISC",
                  "url": "https://security.gentoo.org/glsa/201701-46"
                },
                {
                  "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
                  "refsource": "MISC",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-3163-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-3163-1"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa137",
                  "refsource": "MISC",
                  "url": "https://bto.bluecoat.com/security-advisory/sa137"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-5285",
        "datePublished": "2019-11-15T15:44:05.000Z",
        "dateReserved": "2016-06-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3939 (GCVE-0-2009-3939)

    Vulnerability from cvelistv5 – Published: 2009-11-16 19:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/38276 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=526068 x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/38779 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/37019 vdb-entryx_refsource_BID
    http://support.avaya.com/css/P8/documents/100073666 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/37909 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2010/dsa-1996 vendor-advisoryx_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2009/11/13/1 mailing-listx_refsource_MLIST
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2010-0095.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://osvdb.org/60201 vdb-entryx_refsource_OSVDB
    https://rhn.redhat.com/errata/RHSA-2010-0046.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/38017 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/38492 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38276",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38276"
              },
              {
                "name": "SUSE-SA:2009:061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
              },
              {
                "name": "SUSE-SA:2010:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
              },
              {
                "name": "38779",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38779"
              },
              {
                "name": "37019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37019"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100073666"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "name": "37909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37909"
              },
              {
                "name": "SUSE-SA:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
              },
              {
                "name": "SUSE-SA:2009:064",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
              },
              {
                "name": "DSA-1996",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1996"
              },
              {
                "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
              },
              {
                "name": "oval:org.mitre.oval:def:10310",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
              },
              {
                "name": "RHSA-2010:0095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
              },
              {
                "name": "SUSE-SA:2010:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
              },
              {
                "name": "60201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60201"
              },
              {
                "name": "RHSA-2010:0046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
              },
              {
                "name": "oval:org.mitre.oval:def:7540",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
              },
              {
                "name": "SUSE-SA:2010:010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
              },
              {
                "name": "38017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38017"
              },
              {
                "name": "38492",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38492"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38276",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38276"
            },
            {
              "name": "SUSE-SA:2009:061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
            },
            {
              "name": "SUSE-SA:2010:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
            },
            {
              "name": "38779",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38779"
            },
            {
              "name": "37019",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37019"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100073666"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "37909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37909"
            },
            {
              "name": "SUSE-SA:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
            },
            {
              "name": "SUSE-SA:2009:064",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
            },
            {
              "name": "DSA-1996",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1996"
            },
            {
              "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
            },
            {
              "name": "oval:org.mitre.oval:def:10310",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
            },
            {
              "name": "RHSA-2010:0095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "SUSE-SA:2010:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
            },
            {
              "name": "60201",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60201"
            },
            {
              "name": "RHSA-2010:0046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7540",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
            },
            {
              "name": "SUSE-SA:2010:010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
            },
            {
              "name": "38017",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38017"
            },
            {
              "name": "38492",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38492"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38276",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38276"
                },
                {
                  "name": "SUSE-SA:2009:061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
                },
                {
                  "name": "USN-864-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-864-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526068",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
                },
                {
                  "name": "SUSE-SA:2010:001",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
                },
                {
                  "name": "38779",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38779"
                },
                {
                  "name": "37019",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37019"
                },
                {
                  "name": "http://support.avaya.com/css/P8/documents/100073666",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/css/P8/documents/100073666"
                },
                {
                  "name": "SUSE-SA:2010:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
                },
                {
                  "name": "37909",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37909"
                },
                {
                  "name": "SUSE-SA:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
                },
                {
                  "name": "SUSE-SA:2009:064",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
                },
                {
                  "name": "DSA-1996",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1996"
                },
                {
                  "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
                },
                {
                  "name": "oval:org.mitre.oval:def:10310",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
                },
                {
                  "name": "RHSA-2010:0095",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
                },
                {
                  "name": "SUSE-SA:2010:005",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
                },
                {
                  "name": "60201",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60201"
                },
                {
                  "name": "RHSA-2010:0046",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:7540",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
                },
                {
                  "name": "SUSE-SA:2010:010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
                },
                {
                  "name": "38017",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38017"
                },
                {
                  "name": "38492",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38492"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3939",
        "datePublished": "2009-11-16T19:00:00.000Z",
        "dateReserved": "2009-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1058 (GCVE-0-2006-1058)

    Vulnerability from cvelistv5 – Published: 2006-04-04 10:00 – Updated: 2024-08-07 16:56
    VLAI
    Summary
    BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/25098 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17330 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/19477 third-party-advisoryx_refsource_SECUNIA
    http://bugs.busybox.net/view.php?id=604 x_refsource_CONFIRM
    http://secunia.com/advisories/25848 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2007-02… vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2005-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:56:15.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25098"
              },
              {
                "name": "17330",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17330"
              },
              {
                "name": "oval:org.mitre.oval:def:9483",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483"
              },
              {
                "name": "19477",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19477"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.busybox.net/view.php?id=604"
              },
              {
                "name": "25848",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25848"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm"
              },
              {
                "name": "RHSA-2007:0244",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html"
              },
              {
                "name": "busybox-passwd-weak-security(25569)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "25098",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25098"
            },
            {
              "name": "17330",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17330"
            },
            {
              "name": "oval:org.mitre.oval:def:9483",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483"
            },
            {
              "name": "19477",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19477"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.busybox.net/view.php?id=604"
            },
            {
              "name": "25848",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25848"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm"
            },
            {
              "name": "RHSA-2007:0244",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0244.html"
            },
            {
              "name": "busybox-passwd-weak-security(25569)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25569"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2006-1058",
        "datePublished": "2006-04-04T10:00:00.000Z",
        "dateReserved": "2006-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:56:15.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }