Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-355
Vulnerability from certfr_avis - Published: 2015-08-14 - Updated: 2015-08-14
De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Mountain Lion versions ant\u00e9rieures \u00e0 10.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions ant\u00e9rieures \u00e0 10.10.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-4024",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4024"
},
{
"name": "CVE-2015-3768",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3768"
},
{
"name": "CVE-2015-3799",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3799"
},
{
"name": "CVE-2015-3307",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3307"
},
{
"name": "CVE-2015-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3153"
},
{
"name": "CVE-2015-4148",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4148"
},
{
"name": "CVE-2015-3789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3789"
},
{
"name": "CVE-2015-4026",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4026"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2015-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3757"
},
{
"name": "CVE-2015-5782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5782"
},
{
"name": "CVE-2015-3773",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3773"
},
{
"name": "CVE-2014-0191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0191"
},
{
"name": "CVE-2013-7040",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7040"
},
{
"name": "CVE-2015-3183",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3183"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2014-3583",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3583"
},
{
"name": "CVE-2015-3782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3782"
},
{
"name": "CVE-2014-3581",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3581"
},
{
"name": "CVE-2015-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3805"
},
{
"name": "CVE-2015-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3765"
},
{
"name": "CVE-2015-5779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5779"
},
{
"name": "CVE-2009-5078",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5078"
},
{
"name": "CVE-2015-3766",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3766"
},
{
"name": "CVE-2015-3148",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3148"
},
{
"name": "CVE-2014-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3613"
},
{
"name": "CVE-2015-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3807"
},
{
"name": "CVE-2015-3796",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3796"
},
{
"name": "CVE-2013-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-0067",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0067"
},
{
"name": "CVE-2012-6685",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6685"
},
{
"name": "CVE-2015-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
},
{
"name": "CVE-2015-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3804"
},
{
"name": "CVE-2015-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3764"
},
{
"name": "CVE-2015-5757",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5757"
},
{
"name": "CVE-2015-4025",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4025"
},
{
"name": "CVE-2015-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5753"
},
{
"name": "CVE-2014-7844",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7844"
},
{
"name": "CVE-2015-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5748"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2015-0241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0241"
},
{
"name": "CVE-2015-3800",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3800"
},
{
"name": "CVE-2014-8151",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8151"
},
{
"name": "CVE-2015-3185",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3185"
},
{
"name": "CVE-2015-0243",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0243"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2015-0244",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0244"
},
{
"name": "CVE-2014-8150",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
},
{
"name": "CVE-2014-9140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9140"
},
{
"name": "CVE-2015-3330",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
},
{
"name": "CVE-2014-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3707"
},
{
"name": "CVE-2015-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3776"
},
{
"name": "CVE-2009-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5044"
},
{
"name": "CVE-2015-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3143"
},
{
"name": "CVE-2014-0106",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0106"
},
{
"name": "CVE-2015-5750",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5750"
},
{
"name": "CVE-2015-3787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3787"
},
{
"name": "CVE-2015-5751",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5751"
},
{
"name": "CVE-2015-3780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3780"
},
{
"name": "CVE-2015-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3802"
},
{
"name": "CVE-2013-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7338"
},
{
"name": "CVE-2015-5781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5781"
},
{
"name": "CVE-2014-9680",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9680"
},
{
"name": "CVE-2015-4022",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4022"
},
{
"name": "CVE-2015-3771",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3771"
},
{
"name": "CVE-2015-3806",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3806"
},
{
"name": "CVE-2015-3329",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2015-3788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3788"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2015-5778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5778"
},
{
"name": "CVE-2015-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3803"
},
{
"name": "CVE-2015-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3772"
},
{
"name": "CVE-2015-3762",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3762"
},
{
"name": "CVE-2015-3769",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3769"
},
{
"name": "CVE-2013-2776",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2776"
},
{
"name": "CVE-2015-3774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3774"
},
{
"name": "CVE-2015-5758",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5758"
},
{
"name": "CVE-2015-5756",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5756"
},
{
"name": "CVE-2015-5761",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5761"
},
{
"name": "CVE-2015-5763",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5763"
},
{
"name": "CVE-2015-3770",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3770"
},
{
"name": "CVE-2015-3781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3781"
},
{
"name": "CVE-2015-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3145"
},
{
"name": "CVE-2013-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1776"
},
{
"name": "CVE-2015-0228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0228"
},
{
"name": "CVE-2015-3144",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3144"
},
{
"name": "CVE-2015-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5783"
},
{
"name": "CVE-2015-5771",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5771"
},
{
"name": "CVE-2015-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3775"
},
{
"name": "CVE-2015-3760",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3760"
},
{
"name": "CVE-2014-8161",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8161"
},
{
"name": "CVE-2015-3795",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3795"
},
{
"name": "CVE-2015-0242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0242"
},
{
"name": "CVE-2014-8769",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8769"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-4021",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4021"
},
{
"name": "CVE-2015-5755",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5755"
},
{
"name": "CVE-2015-3761",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3761"
},
{
"name": "CVE-2015-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
},
{
"name": "CVE-2015-3791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3791"
},
{
"name": "CVE-2015-5772",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5772"
},
{
"name": "CVE-2015-5747",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5747"
},
{
"name": "CVE-2014-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3620"
},
{
"name": "CVE-2015-3784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3784"
},
{
"name": "CVE-2015-5774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5774"
},
{
"name": "CVE-2015-0253",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0253"
},
{
"name": "CVE-2015-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3786"
},
{
"name": "CVE-2015-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3792"
},
{
"name": "CVE-2015-5776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5776"
},
{
"name": "CVE-2015-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5784"
},
{
"name": "CVE-2015-5775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5775"
},
{
"name": "CVE-2015-4147",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4147"
},
{
"name": "CVE-2015-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5754"
},
{
"name": "CVE-2014-8109",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8109"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-5777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5777"
},
{
"name": "CVE-2013-2777",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2777"
},
{
"name": "CVE-2015-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3783"
},
{
"name": "CVE-2015-5773",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5773"
},
{
"name": "CVE-2015-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3794"
},
{
"name": "CVE-2015-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3777"
},
{
"name": "CVE-2015-3797",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3797"
},
{
"name": "CVE-2014-1912",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1912"
},
{
"name": "CVE-2014-8767",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8767"
},
{
"name": "CVE-2015-3767",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3767"
},
{
"name": "CVE-2015-3790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3790"
},
{
"name": "CVE-2015-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3779"
},
{
"name": "CVE-2015-5768",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5768"
},
{
"name": "CVE-2015-3778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3778"
},
{
"name": "CVE-2015-3798",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3798"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
}
],
"initial_release_date": "2015-08-14T00:00:00",
"last_revision_date": "2015-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-355",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT205031 du 13 ao\u00fbt 2015",
"url": "https://support.apple.com/en-us/HT205031"
}
]
}
CVE-2014-7185 (GCVE-0-2014-7185)
Vulnerability from cvelistv5 – Published: 2014-10-08 17:00 – Updated: 2024-08-06 12:40
VLAI
EPSS
Summary
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2014-06-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140925 Re: CVE Request: Python 2.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/47"
},
{
"name": "FEDORA-2014-11559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html"
},
{
"name": "python-bufferobject-overflow(96193)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146026"
},
{
"name": "[oss-security] 20140923 CVE Request: Python 2.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/23/5"
},
{
"name": "RHSA-2015:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1064.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.python.org/issue21831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201503-10"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "RHSA-2015:1330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1330.html"
},
{
"name": "openSUSE-SU-2014:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "70089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140925 Re: CVE Request: Python 2.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/47"
},
{
"name": "FEDORA-2014-11559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html"
},
{
"name": "python-bufferobject-overflow(96193)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146026"
},
{
"name": "[oss-security] 20140923 CVE Request: Python 2.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/09/23/5"
},
{
"name": "RHSA-2015:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1064.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.python.org/issue21831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201503-10"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "RHSA-2015:1330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1330.html"
},
{
"name": "openSUSE-SU-2014:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "70089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140925 Re: CVE Request: Python 2.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/47"
},
{
"name": "FEDORA-2014-11559",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html"
},
{
"name": "python-bufferobject-overflow(96193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96193"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1146026",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146026"
},
{
"name": "[oss-security] 20140923 CVE Request: Python 2.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/23/5"
},
{
"name": "RHSA-2015:1064",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1064.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "http://bugs.python.org/issue21831",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue21831"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201503-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-10"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "RHSA-2015:1330",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1330.html"
},
{
"name": "openSUSE-SU-2014:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "70089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7185",
"datePublished": "2014-10-08T17:00:00.000Z",
"dateReserved": "2014-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7844 (GCVE-0-2014-7844)
Vulnerability from cvelistv5 – Published: 2020-01-14 16:13 – Updated: 2024-08-06 13:03
VLAI
EPSS
Summary
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
Severity
No CVSS data available.
CWE
- Metacharacters
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q4/1066 | x_refsource_MISC |
| http://linux.oracle.com/errata/ELSA-2014-1999.html | x_refsource_MISC |
| http://www.debian.org/security/2014/dsa-3104 | x_refsource_MISC |
| http://www.debian.org/security/2014/dsa-3105 | x_refsource_MISC |
| http://rhn.redhat.com/errata/RHSA-2014-1999.html | x_refsource_MISC |
Date Public
2004-10-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mailx",
"vendor": "BSD",
"versions": [
{
"status": "affected",
"version": "8.1.2 and earlier"
}
]
}
],
"datePublic": "2004-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Metacharacters",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T16:13:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2014/dsa-3104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2014/dsa-3105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-7844",
"datePublished": "2020-01-14T16:13:01.000Z",
"dateReserved": "2014-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:03:27.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8109 (GCVE-0-2014-8109)
Vulnerability from cvelistv5 – Published: 2014-12-29 23:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
Summary
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2014-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apache/httpd/commit/3f1693d558d0758f829c8b53993f1749ddf6ffcb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174077"
},
{
"name": "USN-2523-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2523-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "[oss-security] 20141128 CVE Request: \"LuaAuthzProvider\" in Apache HTTP Server mixes up arguments",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/28/5"
},
{
"name": "73040",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73040"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=57204"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "APPLE-SA-2015-09-16-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "FEDORA-2015-9216",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205219"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:11:30.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apache/httpd/commit/3f1693d558d0758f829c8b53993f1749ddf6ffcb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174077"
},
{
"name": "USN-2523-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2523-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "[oss-security] 20141128 CVE Request: \"LuaAuthzProvider\" in Apache HTTP Server mixes up arguments",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/28/5"
},
{
"name": "73040",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73040"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=57204"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "APPLE-SA-2015-09-16-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "FEDORA-2015-9216",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205219"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8109",
"datePublished": "2014-12-29T23:00:00.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8150 (GCVE-0-2014-8150)
Vulnerability from cvelistv5 – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
Summary
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
24 references
Date Public
2015-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131"
},
{
"name": "FEDORA-2015-6853",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0020.html"
},
{
"name": "71964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71964"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1032768",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032768"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2015-0418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20150108B.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "RHSA-2015:1254",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1254.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
},
{
"name": "openSUSE-SU-2015:0248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "FEDORA-2015-0415",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html"
},
{
"name": "USN-2474-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2474-1"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "FEDORA-2015-6864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
},
{
"name": "MDVSA-2015:021",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:021"
},
{
"name": "62075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62075"
},
{
"name": "DSA-3122",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3122"
},
{
"name": "61925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "62361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131"
},
{
"name": "FEDORA-2015-6853",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0020.html"
},
{
"name": "71964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71964"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1032768",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032768"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2015-0418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20150108B.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "RHSA-2015:1254",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1254.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
},
{
"name": "openSUSE-SU-2015:0248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "FEDORA-2015-0415",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html"
},
{
"name": "USN-2474-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2474-1"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "FEDORA-2015-6864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
},
{
"name": "MDVSA-2015:021",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:021"
},
{
"name": "62075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62075"
},
{
"name": "DSA-3122",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3122"
},
{
"name": "61925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62361"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131"
},
{
"name": "FEDORA-2015-6853",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0020.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0020.html"
},
{
"name": "71964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71964"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1032768",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032768"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2015-0418",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html"
},
{
"name": "http://curl.haxx.se/docs/adv_20150108B.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20150108B.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "RHSA-2015:1254",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1254.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
},
{
"name": "openSUSE-SU-2015:0248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "FEDORA-2015-0415",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html"
},
{
"name": "USN-2474-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2474-1"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "FEDORA-2015-6864",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
},
{
"name": "MDVSA-2015:021",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:021"
},
{
"name": "62075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62075"
},
{
"name": "DSA-3122",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3122"
},
{
"name": "61925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8150",
"datePublished": "2015-01-15T15:00:00.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8151 (GCVE-0-2014-8151)
Vulnerability from cvelistv5 – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
Summary
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://curl.haxx.se/docs/adv_20150108A.html | x_refsource_CONFIRM |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT205031 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201701-47 | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/61925 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2015-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20150108A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "61925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20150108A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "61925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "http://curl.haxx.se/docs/adv_20150108A.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20150108A.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "61925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8151",
"datePublished": "2015-01-15T15:00:00.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:51.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8161 (GCVE-0-2014-8161)
Vulnerability from cvelistv5 – Published: 2020-01-27 15:29 – Updated: 2024-08-06 13:10
VLAI
EPSS
Summary
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
Severity
No CVSS data available.
CWE
- Path Disclosure
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.postgresql.org/docs/9.4/static/release… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/current/static/rel… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/current/static/rel… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/current/static/rel… | x_refsource_CONFIRM |
| http://www.postgresql.org/docs/current/static/rel… | x_refsource_CONFIRM |
| http://www.postgresql.org/about/news/1569/ | x_refsource_CONFIRM |
| http://www.debian.org/security/2015/dsa-3155 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PostgreSQL Global Development Group | PostgreSQL |
Affected:
before 9.0.19
Affected: 9.1.x before 9.1.15 Affected: 9.2.x before 9.2.10 Affected: 9.3.x before 9.3.6 Affected: 9.4.x before 9.4.1 |
Date Public
2015-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostgreSQL",
"vendor": "PostgreSQL Global Development Group",
"versions": [
{
"status": "affected",
"version": "before 9.0.19"
},
{
"status": "affected",
"version": "9.1.x before 9.1.15"
},
{
"status": "affected",
"version": "9.2.x before 9.2.10"
},
{
"status": "affected",
"version": "9.3.x before 9.3.6"
},
{
"status": "affected",
"version": "9.4.x before 9.4.1"
}
]
}
],
"datePublic": "2015-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T15:29:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.debian.org/security/2015/dsa-3155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.19"
},
{
"version_value": "9.1.x before 9.1.15"
},
{
"version_value": "9.2.x before 9.2.10"
},
{
"version_value": "9.3.x before 9.3.6"
},
{
"version_value": "9.4.x before 9.4.1"
}
]
}
}
]
},
"vendor_name": "PostgreSQL Global Development Group"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"name": "http://www.postgresql.org/about/news/1569/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"name": "http://www.debian.org/security/2015/dsa-3155",
"refsource": "CONFIRM",
"url": "http://www.debian.org/security/2015/dsa-3155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8161",
"datePublished": "2020-01-27T15:29:21.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:51.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8767 (GCVE-0-2014-8767)
Vulnerability from cvelistv5 – Published: 2014-11-20 17:00 – Updated: 2024-08-06 13:26
VLAI
EPSS
Summary
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2014-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2014:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html"
},
{
"name": "openSUSE-SU-2015:0284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"name": "tcpdump-cve20148767-dos(98765)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98765"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534011/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/47"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2433-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "DSA-3086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"name": "71150",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71150"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2014:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html"
},
{
"name": "openSUSE-SU-2015:0284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"name": "tcpdump-cve20148767-dos(98765)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98765"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534011/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/47"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2433-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "DSA-3086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"name": "71150",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71150"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2014:240",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"name": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html"
},
{
"name": "openSUSE-SU-2015:0284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"name": "tcpdump-cve20148767-dos(98765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98765"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534011/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/47"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2433-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "DSA-3086",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0503.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"name": "71150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71150"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8767",
"datePublished": "2014-11-20T17:00:00.000Z",
"dateReserved": "2014-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:26:02.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8769 (GCVE-0-2014-8769)
Vulnerability from cvelistv5 – Published: 2014-11-20 17:00 – Updated: 2024-08-06 13:26
VLAI
EPSS
Summary
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2014-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2014:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"name": "openSUSE-SU-2015:0284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "71153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71153"
},
{
"name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534009/100/0/threaded"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "tcpdump-cve20148769-dos(98764)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98764"
},
{
"name": "USN-2433-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "DSA-3086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2014:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"name": "openSUSE-SU-2015:0284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "71153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71153"
},
{
"name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534009/100/0/threaded"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "tcpdump-cve20148769-dos(98764)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98764"
},
{
"name": "USN-2433-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "DSA-3086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2014:240",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"name": "openSUSE-SU-2015:0284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "71153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71153"
},
{
"name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534009/100/0/threaded"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "tcpdump-cve20148769-dos(98764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98764"
},
{
"name": "USN-2433-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "DSA-3086",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0503.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"name": "http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8769",
"datePublished": "2014-11-20T17:00:00.000Z",
"dateReserved": "2014-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:26:02.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9140 (GCVE-0-2014-9140)
Vulnerability from cvelistv5 – Published: 2014-12-05 16:00 – Updated: 2024-08-06 13:33
VLAI
EPSS
Summary
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2014-10-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2014:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "20150309 tcpdump 4.7.2 remote crashes",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534829/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0511.html"
},
{
"name": "USN-2433-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "openSUSE-SU-2015:0616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html"
},
{
"name": "DSA-3086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"name": "71468",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71468"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "DSA-3193",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3193"
},
{
"name": "[tcpdump] 20141124 Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/tcpdump/2014/q4/72"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2014:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "20150309 tcpdump 4.7.2 remote crashes",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534829/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0511.html"
},
{
"name": "USN-2433-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "openSUSE-SU-2015:0616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html"
},
{
"name": "DSA-3086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"name": "71468",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71468"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "DSA-3193",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3193"
},
{
"name": "[tcpdump] 20141124 Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/tcpdump/2014/q4/72"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2014:240",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"name": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "20150309 tcpdump 4.7.2 remote crashes",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534829/100/0/threaded"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0511.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0511.html"
},
{
"name": "USN-2433-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "openSUSE-SU-2015:0616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html"
},
{
"name": "DSA-3086",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"name": "71468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71468"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "DSA-3193",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3193"
},
{
"name": "[tcpdump] 20141124 Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?",
"refsource": "MLIST",
"url": "http://seclists.org/tcpdump/2014/q4/72"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9140",
"datePublished": "2014-12-05T16:00:00.000Z",
"dateReserved": "2014-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:33:13.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9365 (GCVE-0-2014-9365)
Vulnerability from cvelistv5 – Published: 2014-12-12 11:00 – Updated: 2024-08-06 13:40
VLAI
EPSS
Summary
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:1162 | vendor-advisoryx_refsource_REDHAT |
| https://www.python.org/dev/peps/pep-0476/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/71639 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2016:1166 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:1868 | vendor-advisoryx_refsource_REDHAT |
| http://bugs.python.org/issue22417 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201503-10 | vendor-advisoryx_refsource_GENTOO |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://www.python.org/downloads/release/python-279/ | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/12/11/1 | mailing-listx_refsource_MLIST |
| https://support.apple.com/kb/HT205031 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
Date Public
2014-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.python.org/dev/peps/pep-0476/"
},
{
"name": "71639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71639"
},
{
"name": "RHSA-2016:1166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1166"
},
{
"name": "RHSA-2017:1868",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1868"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.python.org/issue22417"
},
{
"name": "GLSA-201503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201503-10"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.python.org/downloads/release/python-279/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "[oss-security] 20141211 CVE request: Python, standard library HTTP clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/11/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject\u0027s (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:1162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.python.org/dev/peps/pep-0476/"
},
{
"name": "71639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71639"
},
{
"name": "RHSA-2016:1166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1166"
},
{
"name": "RHSA-2017:1868",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1868"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.python.org/issue22417"
},
{
"name": "GLSA-201503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201503-10"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.python.org/downloads/release/python-279/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "[oss-security] 20141211 CVE request: Python, standard library HTTP clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/11/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject\u0027s (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1162",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1162"
},
{
"name": "https://www.python.org/dev/peps/pep-0476/",
"refsource": "CONFIRM",
"url": "https://www.python.org/dev/peps/pep-0476/"
},
{
"name": "71639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71639"
},
{
"name": "RHSA-2016:1166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1166"
},
{
"name": "RHSA-2017:1868",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1868"
},
{
"name": "http://bugs.python.org/issue22417",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue22417"
},
{
"name": "GLSA-201503-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-10"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "https://www.python.org/downloads/release/python-279/",
"refsource": "CONFIRM",
"url": "https://www.python.org/downloads/release/python-279/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "[oss-security] 20141211 CVE request: Python, standard library HTTP clients",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/11/1"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9365",
"datePublished": "2014-12-12T11:00:00.000Z",
"dateReserved": "2014-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:25.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…