Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2014-AVI-008
Vulnerability from certfr_avis - Published: 2014-01-10 - Updated: 2014-01-10
De multiples vulnérabilités ont été corrigées dans Avaya Experience Portal. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Avaya Experience Portal versions antérieures à 7.0
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eAvaya Experience Portal versions ant\u00e9rieures \u00e0 7.0\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
},
{
"name": "CVE-2012-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3511"
},
{
"name": "CVE-2012-4405",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4405"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-3400",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3400"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-2133",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2133"
},
{
"name": "CVE-2012-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
},
{
"name": "CVE-2012-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1568"
},
{
"name": "CVE-2012-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2893"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2012-3489",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3489"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2014-01-10T00:00:00",
"last_revision_date": "2014-01-10T00:00:00",
"links": [],
"reference": "CERTA-2014-AVI-008",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Experience Portal\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Experience Portal",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-482 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167760"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2013-041 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100169684"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-479 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167733"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-448 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167395"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-371 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100166061"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-444 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167374"
}
]
}
CVE-2012-3489 (GCVE-0-2012-3489)
Vulnerability from cvelistv5 – Published: 2012-10-03 21:00 – Updated: 2024-08-06 20:05
VLAI
EPSS
Summary
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2012-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
},
{
"name": "55074",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
},
{
"name": "MDVSA-2012:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
},
{
"name": "USN-1542-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1542-1"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50718"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1407/"
},
{
"name": "50635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "50946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50946"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849173"
},
{
"name": "DSA-2534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2534"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50859"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-13T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
},
{
"name": "55074",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
},
{
"name": "MDVSA-2012:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
},
{
"name": "USN-1542-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1542-1"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50718"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1407/"
},
{
"name": "50635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "APPLE-SA-2013-03-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "50946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50946"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849173"
},
{
"name": "DSA-2534",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2534"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "50859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50859"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1263",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
},
{
"name": "55074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55074"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
},
{
"name": "MDVSA-2012:139",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
},
{
"name": "USN-1542-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1542-1"
},
{
"name": "50718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50718"
},
{
"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
},
{
"name": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
},
{
"name": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
},
{
"name": "http://www.postgresql.org/about/news/1407/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1407/"
},
{
"name": "50635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50635"
},
{
"name": "http://www.postgresql.org/support/security/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "APPLE-SA-2013-03-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "50946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50946"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849173",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849173"
},
{
"name": "DSA-2534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2534"
},
{
"name": "openSUSE-SU-2012:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "50859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50859"
},
{
"name": "openSUSE-SU-2012:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3489",
"datePublished": "2012-10-03T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3511 (GCVE-0-2012-3511)
Vulnerability from cvelistv5 – Published: 2012-10-03 10:00 – Updated: 2024-08-06 20:05
VLAI
EPSS
Summary
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1572-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.kernel.org/pub/linux/kernel/v3.x/Chang… | x_refsource_CONFIRM |
| http://secunia.com/advisories/50732 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1567-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-1577-1 | vendor-advisoryx_refsource_UBUNTU |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=849734 | x_refsource_CONFIRM |
| https://github.com/torvalds/linux/commit/9ab4233d… | x_refsource_CONFIRM |
| http://ubuntu.com/usn/usn-1529-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/55151 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/50633 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/55055 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-07-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1572-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1572-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
},
{
"name": "50732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50732"
},
{
"name": "USN-1567-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name": "USN-1577-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1577-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
},
{
"name": "USN-1529-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1529-1"
},
{
"name": "[oss-security] 20120820 Re: CVE Request -- kernel: mm: use-after-free in madvise_remove()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/13"
},
{
"name": "55151",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55151"
},
{
"name": "50633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50633"
},
{
"name": "55055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1572-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1572-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
},
{
"name": "50732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50732"
},
{
"name": "USN-1567-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name": "USN-1577-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1577-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
},
{
"name": "USN-1529-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1529-1"
},
{
"name": "[oss-security] 20120820 Re: CVE Request -- kernel: mm: use-after-free in madvise_remove()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/13"
},
{
"name": "55151",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55151"
},
{
"name": "50633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50633"
},
{
"name": "55055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55055"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3511",
"datePublished": "2012-10-03T10:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3546 (GCVE-0-2012-3546)
Vulnerability from cvelistv5 – Published: 2012-12-19 11:00 – Updated: 2024-08-06 20:13
VLAI
EPSS
Summary
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
43 references
Date Public
2012-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101139",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "1027833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027833"
},
{
"name": "USN-1685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1685-1"
},
{
"name": "56812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56812"
},
{
"name": "openSUSE-SU-2012:1700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1377892"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
},
{
"name": "SSRT101182",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
},
{
"name": "RHSA-2013:0192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
},
{
"name": "RHSA-2013:0198",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
},
{
"name": "RHSA-2013:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
},
{
"name": "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "RHSA-2013:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
},
{
"name": "RHSA-2013:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
},
{
"name": "RHSA-2013:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
},
{
"name": "RHSA-2013:0196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
},
{
"name": "RHSA-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
},
{
"name": "oval:org.mitre.oval:def:19305",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
},
{
"name": "HPSBMU02873",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
},
{
"name": "RHSA-2013:0193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
},
{
"name": "RHSA-2013:0157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
},
{
"name": "51984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "52054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52054"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "RHSA-2013:0146",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
},
{
"name": "openSUSE-SU-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "RHSA-2013:0191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
},
{
"name": "RHSA-2013:0623",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
},
{
"name": "RHSA-2013:0197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
},
{
"name": "RHSA-2013:0235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
},
{
"name": "RHSA-2013:0642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
},
{
"name": "RHSA-2013:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"name": "HPSBUX02866",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "RHSA-2013:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "openSUSE-SU-2012:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "RHSA-2013:0162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
},
{
"name": "RHSA-2013:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SSRT101139",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "1027833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027833"
},
{
"name": "USN-1685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1685-1"
},
{
"name": "56812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56812"
},
{
"name": "openSUSE-SU-2012:1700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1377892"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
},
{
"name": "SSRT101182",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
},
{
"name": "RHSA-2013:0192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
},
{
"name": "RHSA-2013:0198",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
},
{
"name": "RHSA-2013:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
},
{
"name": "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "RHSA-2013:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
},
{
"name": "RHSA-2013:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
},
{
"name": "RHSA-2013:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
},
{
"name": "RHSA-2013:0196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
},
{
"name": "RHSA-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
},
{
"name": "oval:org.mitre.oval:def:19305",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
},
{
"name": "HPSBMU02873",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
},
{
"name": "RHSA-2013:0193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
},
{
"name": "RHSA-2013:0157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
},
{
"name": "51984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "52054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52054"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "RHSA-2013:0146",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
},
{
"name": "openSUSE-SU-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "RHSA-2013:0191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
},
{
"name": "RHSA-2013:0623",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
},
{
"name": "RHSA-2013:0197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
},
{
"name": "RHSA-2013:0235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
},
{
"name": "RHSA-2013:0642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
},
{
"name": "RHSA-2013:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"name": "HPSBUX02866",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "RHSA-2013:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "openSUSE-SU-2012:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "RHSA-2013:0162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
},
{
"name": "RHSA-2013:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3546",
"datePublished": "2012-12-19T11:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:13:50.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4244 (GCVE-0-2012-4244)
Vulnerability from cvelistv5 – Published: 2012-09-14 00:00 – Updated: 2024-08-06 20:28
VLAI
EPSS
Summary
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2012-09-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:28:07.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2547",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2547"
},
{
"name": "USN-1566-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1566-1"
},
{
"name": "HPSBOV03226",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "SSRT101004",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "51096",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/51096"
},
{
"name": "50582",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/50582"
},
{
"name": "RHSA-2012:1365",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1365.html"
},
{
"name": "RHSA-2012:1266",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1266.html"
},
{
"name": "openSUSE-SU-2012:1192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html"
},
{
"name": "RHSA-2012:1267",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1267.html"
},
{
"name": "55522",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55522"
},
{
"name": "FEDORA-2012-13922",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html"
},
{
"name": "MDVSA-2012:152",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:152"
},
{
"name": "FEDORA-2012-14106",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html"
},
{
"name": "SUSE-SU-2012:1199",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "50579",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/50579"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "50645",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/50645"
},
{
"name": "SUSE-SU-2012:1333",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00007.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00778"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "RHSA-2012:1268",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1268.html"
},
{
"name": "50560",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/50560"
},
{
"name": "FEDORA-2012-14030",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html"
},
{
"name": "50673",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/50673"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2547",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2547"
},
{
"name": "USN-1566-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1566-1"
},
{
"name": "HPSBOV03226",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "SSRT101004",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879471518471\u0026w=2"
},
{
"name": "51096",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/51096"
},
{
"name": "50582",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/50582"
},
{
"name": "RHSA-2012:1365",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1365.html"
},
{
"name": "RHSA-2012:1266",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1266.html"
},
{
"name": "openSUSE-SU-2012:1192",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html"
},
{
"name": "RHSA-2012:1267",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1267.html"
},
{
"name": "55522",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/55522"
},
{
"name": "FEDORA-2012-13922",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html"
},
{
"name": "MDVSA-2012:152",
"tags": [
"vendor-advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:152"
},
{
"name": "FEDORA-2012-14106",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html"
},
{
"name": "SUSE-SU-2012:1199",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "50579",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/50579"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "50645",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/50645"
},
{
"name": "SUSE-SU-2012:1333",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00007.html"
},
{
"url": "https://kb.isc.org/article/AA-00778"
},
{
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "RHSA-2012:1268",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1268.html"
},
{
"name": "50560",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/50560"
},
{
"name": "FEDORA-2012-14030",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html"
},
{
"name": "50673",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/50673"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221209-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4244",
"datePublished": "2012-09-14T00:00:00.000Z",
"dateReserved": "2012-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:28:07.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4405 (GCVE-0-2012-4405)
Vulnerability from cvelistv5 – Published: 2012-09-18 17:00 – Updated: 2024-08-06 20:35
VLAI
EPSS
Summary
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1256",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
},
{
"name": "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
},
{
"name": "openSUSE-SU-2012:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
},
{
"name": "MDVSA-2013:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
},
{
"name": "MDVSA-2013:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
},
{
"name": "55494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55494"
},
{
"name": "50719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50719"
},
{
"name": "SUSE-SU-2012:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
},
{
"name": "openSUSE-SU-2012:1289",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
},
{
"name": "icclib-pdf-bo(78411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
},
{
"name": "1027517",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027517"
},
{
"name": "USN-1581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1581-1"
},
{
"name": "MDVSA-2012:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1256",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
},
{
"name": "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
},
{
"name": "openSUSE-SU-2012:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
},
{
"name": "MDVSA-2013:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
},
{
"name": "MDVSA-2013:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
},
{
"name": "55494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55494"
},
{
"name": "50719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50719"
},
{
"name": "SUSE-SU-2012:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
},
{
"name": "openSUSE-SU-2012:1289",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
},
{
"name": "icclib-pdf-bo(78411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
},
{
"name": "1027517",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027517"
},
{
"name": "USN-1581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1581-1"
},
{
"name": "MDVSA-2012:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4405",
"datePublished": "2012-09-18T17:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…