Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2014-AVI-480
Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPOS versions antérieures à 6.6R2 | ||
| ESET | Security | Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2 | ||
| Juniper Networks | N/A | CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6 | ||
| Juniper Networks | Junos Space | Junos Space jusqu'à la version 13.3 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2 | ||
| ESET | Security | Network and Security Manager (NSM) version 2012.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Network and Security Manager (NSM) version 2012.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3158",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
},
{
"name": "CVE-2010-3853",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2010-3081",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
},
{
"name": "CVE-2012-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
},
{
"name": "CVE-2012-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
},
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2012-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
},
{
"name": "CVE-2014-4827",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
},
{
"name": "CVE-2013-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2013-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2012-0788",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
},
{
"name": "CVE-2010-4755",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
},
{
"name": "CVE-2013-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2014-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
},
{
"name": "CVE-2013-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
},
{
"name": "CVE-2013-0791",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
},
{
"name": "CVE-2010-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
},
{
"name": "CVE-2014-7169",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2011-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
},
{
"name": "CVE-2011-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2014-4825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
},
{
"name": "CVE-2010-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
},
{
"name": "CVE-2012-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
},
{
"name": "CVE-2009-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2014-6271",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2010-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2012-2311",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4830",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
},
{
"name": "CVE-2011-3368",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2014-4828",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
},
{
"name": "CVE-2014-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
},
{
"name": "CVE-2010-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
},
{
"name": "CVE-2012-0831",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2012-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2010-2956",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2014-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
},
{
"name": "CVE-2011-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
},
{
"name": "CVE-2014-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2014-6278",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
},
{
"name": "CVE-2012-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
},
{
"name": "CVE-2011-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-5107",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
},
{
"name": "CVE-2009-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
},
{
"name": "CVE-2010-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
},
{
"name": "CVE-2012-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
},
{
"name": "CVE-2011-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
},
{
"name": "CVE-2010-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-2337",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
},
{
"name": "CVE-2014-3091",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2014-11-13T00:00:00",
"last_revision_date": "2014-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-480",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
}
]
}
CVE-2012-0789 (GCVE-0-2012-0789)
Vulnerability from cvelistv5 – Published: 2012-02-14 15:00 – Updated: 2024-08-06 18:38
VLAI
EPSS
Summary
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/48668 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=783609 | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-5.php#5.3.9 | x_refsource_CONFIRM |
| https://bugs.php.net/bug.php?id=53502 | x_refsource_CONFIRM |
Date Public
2010-02-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0411",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
},
{
"name": "openSUSE-SU-2012:0426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
},
{
"name": "48668",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.3.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=53502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0411",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
},
{
"name": "openSUSE-SU-2012:0426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
},
{
"name": "48668",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.3.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=53502"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0411",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
},
{
"name": "openSUSE-SU-2012:0426",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
},
{
"name": "48668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48668"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=783609",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783609"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.3.9",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.3.9"
},
{
"name": "https://bugs.php.net/bug.php?id=53502",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=53502"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0789",
"datePublished": "2012-02-14T15:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0831 (GCVE-0-2012-0831)
Vulnerability from cvelistv5 – Published: 2012-02-10 20:00 – Updated: 2024-08-06 18:38
VLAI
EPSS
Summary
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-02-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1358-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1358-1"
},
{
"name": "SUSE-SU-2012:0411",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
},
{
"name": "55078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=323016"
},
{
"name": "openSUSE-SU-2012:0426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
},
{
"name": "SUSE-SU-2012:0472",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html"
},
{
"name": "48668",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48668"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "RHSA-2013:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "FEDORA-2012-6907",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz"
},
{
"name": "php-magicquotesgpc-sec-bypass(73125)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73125"
},
{
"name": "51954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51954"
},
{
"name": "FEDORA-2012-6911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1358-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1358-1"
},
{
"name": "SUSE-SU-2012:0411",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
},
{
"name": "55078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=323016"
},
{
"name": "openSUSE-SU-2012:0426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
},
{
"name": "SUSE-SU-2012:0472",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html"
},
{
"name": "48668",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48668"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "RHSA-2013:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "FEDORA-2012-6907",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz"
},
{
"name": "php-magicquotesgpc-sec-bypass(73125)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73125"
},
{
"name": "51954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51954"
},
{
"name": "FEDORA-2012-6911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0831",
"datePublished": "2012-02-10T20:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0882 (GCVE-0-2012-0882)
Vulnerability from cvelistv5 – Published: 2012-12-21 02:00 – Updated: 2024-08-06 18:38
VLAI
EPSS
Summary
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.immunityinc.com/pipermail/canvas/20… | mailing-listx_refsource_MLIST |
| https://lists.immunityinc.com/pipermail/canvas/20… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=789141 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/02/24/2 | mailing-listx_refsource_MLIST |
| https://blogs.oracle.com/sunsecurity/entry/cve_20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Canvas] 20120223 VulnDisco MySQL 0day",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html"
},
{
"name": "[Canvas] 20120207 VulnDisco Pack Professional 9.17",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789141"
},
{
"name": "[oss-security] 20120224 Re: MySQL 0-day - does it need a CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/24/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-21T02:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Canvas] 20120223 VulnDisco MySQL 0day",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html"
},
{
"name": "[Canvas] 20120207 VulnDisco Pack Professional 9.17",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789141"
},
{
"name": "[oss-security] 20120224 Re: MySQL 0-day - does it need a CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/24/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0882",
"datePublished": "2012-12-21T02:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1172 (GCVE-0-2012-1172)
Vulnerability from cvelistv5 – Published: 2012-05-24 00:00 – Updated: 2024-08-06 18:53
VLAI
EPSS
Summary
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public
2009-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:35.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100856",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
},
{
"name": "FEDORA-2012-6869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=54374"
},
{
"name": "SUSE-SU-2012:0604",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=49683"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
},
{
"name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/03/13/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=48597"
},
{
"name": "SUSE-SU-2012:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.4.0"
},
{
"name": "FEDORA-2012-6907",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
},
{
"name": "HPSBUX02791",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "DSA-2465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2465"
},
{
"name": "FEDORA-2012-6911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=55500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SSRT100856",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
},
{
"name": "FEDORA-2012-6869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=54374"
},
{
"name": "SUSE-SU-2012:0604",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=49683"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
},
{
"name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/03/13/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=48597"
},
{
"name": "SUSE-SU-2012:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.4.0"
},
{
"name": "FEDORA-2012-6907",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
},
{
"name": "HPSBUX02791",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "DSA-2465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2465"
},
{
"name": "FEDORA-2012-6911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=55500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100856",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
},
{
"name": "FEDORA-2012-6869",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
},
{
"name": "https://bugs.php.net/bug.php?id=54374",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=54374"
},
{
"name": "SUSE-SU-2012:0604",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"name": "https://bugs.php.net/bug.php?id=49683",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=49683"
},
{
"name": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/",
"refsource": "MISC",
"url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
},
{
"name": "http://svn.php.net/viewvc?view=revision\u0026revision=321664",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
},
{
"name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/03/13/4"
},
{
"name": "https://bugs.php.net/bug.php?id=48597",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=48597"
},
{
"name": "SUSE-SU-2012:0598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"name": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/",
"refsource": "MISC",
"url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf",
"refsource": "MISC",
"url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.4.0",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.4.0"
},
{
"name": "FEDORA-2012-6907",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
},
{
"name": "HPSBUX02791",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "DSA-2465",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2465"
},
{
"name": "FEDORA-2012-6911",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
},
{
"name": "https://bugs.php.net/bug.php?id=55500",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=55500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1172",
"datePublished": "2012-05-24T00:00:00.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:35.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2110 (GCVE-0-2012-2110)
Vulnerability from cvelistv5 – Published: 2012-04-19 17:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
39 references
Date Public
2012-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:07.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT101210",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-18035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "48899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48899"
},
{
"name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
},
{
"name": "RHSA-2012:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.openssl.org/chngview?cn=22434"
},
{
"name": "MDVSA-2012:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
},
{
"name": "RHSA-2012:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "18756",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18756"
},
{
"name": "RHSA-2012:0518",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
},
{
"name": "DSA-2454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "USN-1424-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1424-1"
},
{
"name": "48895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48895"
},
{
"name": "48847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.openssl.org/chngview?cn=22439"
},
{
"name": "RHSA-2012:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "SUSE-SU-2012:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "RHSA-2012:0522",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
},
{
"name": "FEDORA-2012-6343",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "53158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53158"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "FEDORA-2012-6395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "48942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20120419.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.openssl.org/chngview?cn=22431"
},
{
"name": "1026957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "48999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48999"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "81223",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81223"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-6403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/KB27376"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT101210",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-18035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "48899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48899"
},
{
"name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
},
{
"name": "RHSA-2012:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.openssl.org/chngview?cn=22434"
},
{
"name": "MDVSA-2012:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
},
{
"name": "RHSA-2012:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "18756",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18756"
},
{
"name": "RHSA-2012:0518",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
},
{
"name": "DSA-2454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "USN-1424-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1424-1"
},
{
"name": "48895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48895"
},
{
"name": "48847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.openssl.org/chngview?cn=22439"
},
{
"name": "RHSA-2012:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "SUSE-SU-2012:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "RHSA-2012:0522",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
},
{
"name": "FEDORA-2012-6343",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "53158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53158"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "FEDORA-2012-6395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "48942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20120419.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.openssl.org/chngview?cn=22431"
},
{
"name": "1026957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "48999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48999"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "81223",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81223"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-6403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/KB27376"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT101210",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-18035",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "48899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48899"
},
{
"name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
},
{
"name": "RHSA-2012:1308",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"name": "http://cvs.openssl.org/chngview?cn=22434",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=22434"
},
{
"name": "MDVSA-2012:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
},
{
"name": "RHSA-2012:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "18756",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18756"
},
{
"name": "RHSA-2012:0518",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
},
{
"name": "DSA-2454",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"name": "http://support.apple.com/kb/HT5784",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "USN-1424-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1424-1"
},
{
"name": "48895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48895"
},
{
"name": "48847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48847"
},
{
"name": "http://cvs.openssl.org/chngview?cn=22439",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=22439"
},
{
"name": "RHSA-2012:1306",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "SUSE-SU-2012:0637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "RHSA-2012:0522",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
},
{
"name": "FEDORA-2012-6343",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
},
{
"name": "HPSBOV02793",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57353"
},
{
"name": "53158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53158"
},
{
"name": "HPSBUX02782",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "FEDORA-2012-6395",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
},
{
"name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578",
"refsource": "CONFIRM",
"url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name": "SSRT100852",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "48942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48942"
},
{
"name": "http://www.openssl.org/news/secadv_20120419.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20120419.txt"
},
{
"name": "http://cvs.openssl.org/chngview?cn=22431",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=22431"
},
{
"name": "1026957",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "48999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48999"
},
{
"name": "HPSBMU02776",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "81223",
"refsource": "OSVDB",
"url": "http://osvdb.org/81223"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-6403",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
},
{
"name": "https://kb.juniper.net/KB27376",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/KB27376"
},
{
"name": "SSRT100844",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2110",
"datePublished": "2012-04-19T17:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:07.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2131 (GCVE-0-2012-2131)
Vulnerability from cvelistv5 – Published: 2012-04-24 20:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
Summary
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2012-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "MDVSA-2012:064",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "USN-1428-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1428-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.openssl.org/chngview?cn=22479"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20120424.txt"
},
{
"name": "DSA-2454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "48895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48895"
},
{
"name": "openssl-asn1-code-execution(75099)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099"
},
{
"name": "48956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48956"
},
{
"name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/24/1"
},
{
"name": "SUSE-SU-2012:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "1026957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "53212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53212"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "MDVSA-2012:064",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "USN-1428-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1428-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.openssl.org/chngview?cn=22479"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20120424.txt"
},
{
"name": "DSA-2454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "48895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48895"
},
{
"name": "openssl-asn1-code-execution(75099)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099"
},
{
"name": "48956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48956"
},
{
"name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/24/1"
},
{
"name": "SUSE-SU-2012:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "1026957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "53212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53212"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "MDVSA-2012:064",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "USN-1428-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1428-1"
},
{
"name": "http://cvs.openssl.org/chngview?cn=22479",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=22479"
},
{
"name": "http://www.openssl.org/news/secadv_20120424.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20120424.txt"
},
{
"name": "DSA-2454",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"name": "http://support.apple.com/kb/HT5784",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "48895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48895"
},
{
"name": "openssl-asn1-code-execution(75099)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099"
},
{
"name": "48956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48956"
},
{
"name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/24/1"
},
{
"name": "SUSE-SU-2012:0637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "HPSBOV02793",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57353"
},
{
"name": "HPSBUX02782",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "1026957",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "53212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53212"
},
{
"name": "SSRT100844",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2131",
"datePublished": "2012-04-24T20:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:08.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2311 (GCVE-0-2012-2311)
Vulnerability from cvelistv5 – Published: 2012-05-11 10:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
Summary
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2012-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100856",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "SUSE-SU-2012:0604",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"name": "1027022",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027022"
},
{
"name": "openSUSE-SU-2012:0590",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff-fix-check.patch\u0026revision=1336093719\u0026display=1"
},
{
"name": "49014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49014"
},
{
"name": "SUSE-SU-2012:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=61910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "SSRT100992",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
},
{
"name": "VU#520827",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/520827"
},
{
"name": "HPSBUX02791",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "DSA-2465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2465"
},
{
"name": "49085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49085"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.4.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the \u0027d\u0027 case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SSRT100856",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "SUSE-SU-2012:0604",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"name": "1027022",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027022"
},
{
"name": "openSUSE-SU-2012:0590",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff-fix-check.patch\u0026revision=1336093719\u0026display=1"
},
{
"name": "49014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49014"
},
{
"name": "SUSE-SU-2012:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=61910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "SSRT100992",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
},
{
"name": "VU#520827",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/520827"
},
{
"name": "HPSBUX02791",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"name": "DSA-2465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2465"
},
{
"name": "49085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49085"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.4.3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2311",
"datePublished": "2012-05-11T10:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2329 (GCVE-0-2012-2329)
Vulnerability from cvelistv5 – Published: 2012-05-11 10:00 – Updated: 2024-08-06 19:34
VLAI
EPSS
Summary
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=61807 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/49014 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=820000 | x_refsource_CONFIRM |
| http://www.php.net/archive/2012.php#id2012-05-08-1 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53455 | vdb-entryx_refsource_BID |
| https://h20564.www2.hp.com/portal/site/hpsc/publi… | vendor-advisoryx_refsource_HP |
| http://www.php.net/ChangeLog-5.php#5.4.3 | x_refsource_CONFIRM |
Date Public
2012-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:23.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=61807"
},
{
"name": "php-apacherequestheaders-bo(75545)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"
},
{
"name": "49014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name": "53455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53455"
},
{
"name": "SSRT100992",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.4.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=61807"
},
{
"name": "php-apacherequestheaders-bo(75545)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"
},
{
"name": "49014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name": "53455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53455"
},
{
"name": "SSRT100992",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.4.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=61807",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=61807"
},
{
"name": "php-apacherequestheaders-bo(75545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"
},
{
"name": "49014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49014"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=820000",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"
},
{
"name": "http://www.php.net/archive/2012.php#id2012-05-08-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name": "53455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53455"
},
{
"name": "SSRT100992",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.4.3",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.4.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2329",
"datePublished": "2012-05-11T10:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:34:23.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2337 (GCVE-0-2012-2337)
Vulnerability from cvelistv5 – Published: 2012-05-18 18:00 – Updated: 2024-08-06 19:34
VLAI
EPSS
Summary
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=820677 | x_refsource_CONFIRM |
| http://secunia.com/advisories/49219 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/49948 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/49244 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/49291 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2012/dsa-2478 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id?1027077 | vdb-entryx_refsource_SECTRACK |
| https://www.suse.com/security/cve/CVE-2012-2337/ | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.sudo.ws/sudo/alerts/netmask.html | x_refsource_CONFIRM |
Date Public
2012-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"name": "49219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49219"
},
{
"name": "49948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49948"
},
{
"name": "49244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49244"
},
{
"name": "MDVSA-2012:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"name": "49291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49291"
},
{
"name": "DSA-2478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"name": "1027077",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
},
{
"name": "FEDORA-2012-7998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"name": "49219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49219"
},
{
"name": "49948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49948"
},
{
"name": "49244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49244"
},
{
"name": "MDVSA-2012:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"name": "49291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49291"
},
{
"name": "DSA-2478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"name": "1027077",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
},
{
"name": "FEDORA-2012-7998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2337",
"datePublished": "2012-05-18T18:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:34:24.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3158 (GCVE-0-2012-3158)
Vulnerability from cvelistv5 – Published: 2012-10-16 23:00 – Updated: 2024-08-06 19:57
VLAI
EPSS
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/51177 | third-party-advisoryx_refsource_SECUNIA |
| http://rhn.redhat.com/errata/RHSA-2012-1462.html | vendor-advisoryx_refsource_REDHAT |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.debian.org/security/2012/dsa-2581 | vendor-advisoryx_refsource_DEBIAN |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/51309 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ubuntu.com/usn/USN-1621-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2012-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:49.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51177"
},
{
"name": "RHSA-2012:1462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "MDVSA-2013:102",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "DSA-2581",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "51309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51309"
},
{
"name": "mysqlserver-protocol-cve20123158(79382)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79382"
},
{
"name": "USN-1621-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "51177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51177"
},
{
"name": "RHSA-2012:1462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "MDVSA-2013:102",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "DSA-2581",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "51309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51309"
},
{
"name": "mysqlserver-protocol-cve20123158(79382)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79382"
},
{
"name": "USN-1621-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51177"
},
{
"name": "RHSA-2012:1462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "MDVSA-2013:102",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "DSA-2581",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2581"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "51309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51309"
},
{
"name": "mysqlserver-protocol-cve20123158(79382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79382"
},
{
"name": "USN-1621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-3158",
"datePublished": "2012-10-16T23:00:00.000Z",
"dateReserved": "2012-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:57:49.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…