Vulnerabilities related to redhat - fedora
CVE-2014-9278 (GCVE-0-2014-9278)
Vulnerability from cvelistv5
Published
2014-12-06 15:00
Modified
2024-08-06 13:40
CWE
- n/a
Summary
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:25.092Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "71420", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71420" }, { "name": "[oss-security] 20141204 Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/17" }, { "name": "RHSA-2015:0425", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855" }, { "name": "openssh-gssservkrb5-sec-bypass(99090)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090" }, { "name": "[oss-security] 20141202 CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/02/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended 
authentication requirements that would force a local login." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "71420", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71420" }, { "name": "[oss-security] 20141204 Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/17" }, { "name": "RHSA-2015:0425", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867" }, { "tags": [ "x_refsource_MISC" ], "url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855" }, { "name": "openssh-gssservkrb5-sec-bypass(99090)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090" }, { "name": "[oss-security] 20141202 CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/02/3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-9278", "datePublished": "2014-12-06T15:00:00", "dateReserved": "2014-12-04T00:00:00", "dateUpdated": "2024-08-06T13:40:25.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3252 (GCVE-0-2008-3252)
Vulnerability from cvelistv5
Published
2008-07-21 17:00
Modified
2024-08-07 09:28
CWE
- n/a
Summary
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.781Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "newsx-readarticle-bo(43844)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43844" }, { "name": "31307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31307" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454483" }, { "name": "31080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31080" }, { "name": "DSA-1622", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1622" }, { "name": "30231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30231" }, { "name": "FEDORA-2008-6321", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html" }, { "name": "FEDORA-2008-6319", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "newsx-readarticle-bo(43844)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43844" }, { "name": "31307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31307" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454483" }, { "name": "31080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31080" }, { "name": "DSA-1622", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1622" }, { "name": "30231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30231" }, { "name": "FEDORA-2008-6321", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html" }, { "name": "FEDORA-2008-6319", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3252", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines 
starting with a period." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "newsx-readarticle-bo(43844)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43844" }, { "name": "31307", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31307" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=454483", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454483" }, { "name": "31080", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31080" }, { "name": "DSA-1622", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1622" }, { "name": "30231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30231" }, { "name": "FEDORA-2008-6321", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html" }, { "name": "FEDORA-2008-6319", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3252", "datePublished": "2008-07-21T17:00:00", "dateReserved": "2008-07-21T00:00:00", "dateUpdated": "2024-08-07T09:28:41.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-6284 (GCVE-0-2007-6284)
Vulnerability from cvelistv5
Published
2008-01-12 02:00
Modified
2024-08-07 16:02
CWE
- n/a
Summary
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:02:36.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28439" }, { "name": "GLSA-200801-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200801-20.xml" }, { "name": "28466", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28466" }, { "name": "ADV-2008-1033", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1033/references" }, { "name": "103201", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1" }, { "name": "DSA-1461", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1461" }, { "name": "USN-569-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/569-1/" }, { "name": "SUSE-SR:2008:002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "name": "20080329 VMSA-2008-0006 Updated libxml2 service console package", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490306/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:5216", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216" }, { "name": "27248", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": 
"http://www.securityfocus.com/bid/27248" }, { "name": "28444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28444" }, { "name": "MDVSA-2008:010", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:010" }, { "name": "ADV-2008-0117", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xmlsoft.org/news.html" }, { "name": "28716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28716" }, { "name": "28740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28740" }, { "name": "[xml] 20080111 Security flaw affecting all previous libxml2 releases", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.gnome.org/archives/xml/2008-January/msg00036.html" }, { "name": "FEDORA-2008-0462", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html" }, { "name": "28475", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28475" }, { "name": "oval:org.mitre.oval:def:11594", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594" }, { "name": "20080115 rPSA-2008-0017-1 libxml2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/486410/100/0/threaded" }, { "name": "APPLE-SA-2008-07-11", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": 
"http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm" }, { "name": "ADV-2008-0144", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0144" }, { "name": "28458", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28458" }, { "name": "29591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29591" }, { "name": "ADV-2008-2094", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2094/references" }, { "name": "28636", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28636" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2121" }, { "name": "[Security-announce] 20080328 VMSA-2008-0006 Updated libxml2 service console package", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000009.html" }, { "name": "RHSA-2008:0032", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0032.html" }, { "name": "FEDORA-2008-0477", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html" }, { "name": "28470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28470" }, { "name": "201514", "tags": [ "vendor-advisory", 
"x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1" }, { "name": "28450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28450" }, { "name": "31074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31074" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425927" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=202628" }, { "name": "28452", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28452" }, { "name": "1019181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019181" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "28439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28439" }, { "name": "GLSA-200801-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200801-20.xml" }, { "name": "28466", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28466" }, { "name": "ADV-2008-1033", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1033/references" }, { "name": "103201", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1" }, { "name": "DSA-1461", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1461" }, { "name": "USN-569-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/569-1/" }, { "name": "SUSE-SR:2008:002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "name": "20080329 VMSA-2008-0006 Updated libxml2 service console package", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490306/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:5216", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216" }, { "name": "27248", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27248" }, { "name": "28444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/28444" }, { "name": "MDVSA-2008:010", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:010" }, { "name": "ADV-2008-0117", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xmlsoft.org/news.html" }, { "name": "28716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28716" }, { "name": "28740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28740" }, { "name": "[xml] 20080111 Security flaw affecting all previous libxml2 releases", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.gnome.org/archives/xml/2008-January/msg00036.html" }, { "name": "FEDORA-2008-0462", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html" }, { "name": "28475", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28475" }, { "name": "oval:org.mitre.oval:def:11594", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594" }, { "name": "20080115 rPSA-2008-0017-1 libxml2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/486410/100/0/threaded" }, { "name": "APPLE-SA-2008-07-11", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm" }, { "name": "ADV-2008-0144", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0144" }, { "name": "28458", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28458" }, { "name": "29591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29591" }, { "name": "ADV-2008-2094", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2094/references" }, { "name": "28636", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28636" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2121" }, { "name": "[Security-announce] 20080328 VMSA-2008-0006 Updated libxml2 service console package", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000009.html" }, { "name": "RHSA-2008:0032", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0032.html" }, { "name": "FEDORA-2008-0477", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html" }, { "name": "28470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28470" }, { "name": "201514", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1" }, { "name": "28450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28450" }, { "name": "31074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31074" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425927" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=202628" }, { "name": "28452", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28452" }, { "name": "1019181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019181" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-6284", "datePublished": "2008-01-12T02:00:00", "dateReserved": "2007-12-10T00:00:00", "dateUpdated": "2024-08-07T16:02:36.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1291 (GCVE-0-2008-1291)
Vulnerability from cvelistv5
Published
2008-03-24 17:00
Modified
2024-08-07 08:17
CWE
- n/a
Summary
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:33.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200803-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29176" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-20T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200803-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29176" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200803-29", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29176" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28055" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=212288", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD", "refsource": "CONFIRM", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1291", "datePublished": "2008-03-24T17:00:00", "dateReserved": "2008-03-12T00:00:00", "dateUpdated": "2024-08-07T08:17:33.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-6560 (GCVE-0-2008-6560)
Vulnerability from cvelistv5
Published
2009-03-31 10:00
Modified
2024-08-07 11:34
CWE
- n/a
Summary
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:34:47.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cman-clusterconf-dos(49832)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be" }, { "name": "FEDORA-2008-9458", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html" }, { "name": "USN-875-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-875-1" }, { "name": "FEDORA-2008-9458", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966" }, { "name": "FEDORA-2008-9458", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cman-clusterconf-dos(49832)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be" }, { "name": "FEDORA-2008-9458", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html" }, { "name": "USN-875-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-875-1" }, { "name": "FEDORA-2008-9458", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966" }, { "name": "FEDORA-2008-9458", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf 
file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cman-clusterconf-dos(49832)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832" }, { "name": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be", "refsource": "CONFIRM", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be" }, { "name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html" }, { "name": "USN-875-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-875-1" }, { "name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=468966", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966" }, { "name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6560", "datePublished": "2009-03-31T10:00:00", "dateReserved": "2009-03-30T00:00:00", "dateUpdated": "2024-08-07T11:34:47.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1292 (GCVE-0-2008-1292)
Vulnerability from cvelistv5
Published
2008-03-24 17:00
Modified
2024-08-07 08:17
CWE
- n/a
Summary
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:34.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200803-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29176" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-20T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200803-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29176" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view 
path parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200803-29", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29176" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28055" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=212288", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD", "refsource": "CONFIRM", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1292", "datePublished": "2008-03-24T17:00:00", "dateReserved": "2008-03-12T00:00:00", "dateUpdated": "2024-08-07T08:17:34.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5962 (GCVE-0-2007-5962)
Vulnerability from cvelistv5
Published
2008-05-22 10:00
Modified
2024-08-07 15:47
CWE
- n/a
Summary
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:47:00.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185" }, { "name": "FEDORA-2008-4347", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html" }, { "name": "30341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30341" }, { "name": "5814", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5814" }, { "name": "30354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30354" }, { "name": "RHSA-2008:0295", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0295.html" }, { "name": "FEDORA-2008-4362", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html" }, { "name": "[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/21/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=397011" }, { "name": "vsftpd-denyfile-dos(42593)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42593" }, { "name": "FEDORA-2008-4373", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html" }, { "name": 
"ADV-2008-1600", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1600" }, { "name": "[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/21/12" }, { "name": "29322", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29322" }, { "name": "oval:org.mitre.oval:def:8850", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850" }, { "name": "[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/21/8" }, { "name": "20080606 rPSA-2008-0185-1 vsftpd", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493167/100/0/threaded" }, { "name": "1020079", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1020079" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185" }, { "name": "FEDORA-2008-4347", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html" }, { "name": "30341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30341" }, { "name": "5814", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5814" }, { "name": "30354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30354" }, { "name": "RHSA-2008:0295", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0295.html" }, { "name": "FEDORA-2008-4362", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html" }, { "name": "[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/21/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=397011" }, { "name": "vsftpd-denyfile-dos(42593)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42593" }, { "name": "FEDORA-2008-4373", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html" }, { "name": "ADV-2008-1600", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1600" }, { 
"name": "[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/21/12" }, { "name": "29322", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29322" }, { "name": "oval:org.mitre.oval:def:8850", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850" }, { "name": "[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/21/8" }, { "name": "20080606 rPSA-2008-0185-1 vsftpd", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493167/100/0/threaded" }, { "name": "1020079", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1020079" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-5962", "datePublished": "2008-05-22T10:00:00", "dateReserved": "2007-11-14T00:00:00", "dateUpdated": "2024-08-07T15:47:00.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0008 (GCVE-0-2008-0008)
Vulnerability from cvelistv5
Published
2008-01-28 23:00
Modified
2024-08-07 07:32
CWE
- n/a
Summary
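The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. When one of these calls fails and the failure is ignored, the process keeps running with the privileges it was supposed to give up, so a failed privilege drop has to be treated as a fatal error.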
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:32:23.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2008:027", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "name": "27449", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27449" }, { "name": "28623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28623" }, { "name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pulseaudio.org/changeset/2100" }, { "name": "ADV-2008-0283", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "name": "DSA-1476", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "name": "FEDORA-2008-0963", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "name": "GLSA-200802-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "name": "FEDORA-2008-0994", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "name": "28738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28738" }, { "name": "pulseaudio-padroproot-privilege-escalation(39992)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "name": "USN-573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "name": "28952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28952" }, { "name": "28608", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2008:027", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "name": "27449", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27449" }, { "name": "28623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28623" }, { "name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pulseaudio.org/changeset/2100" }, { "name": "ADV-2008-0283", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "name": "DSA-1476", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "name": "FEDORA-2008-0963", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "name": "GLSA-200802-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "name": "FEDORA-2008-0994", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "name": "28738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/28738" }, { "name": "pulseaudio-padroproot-privilege-escalation(39992)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "name": "USN-573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "name": "28952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28952" }, { "name": "28608", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-0008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2008:027", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "name": "27449", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27449" }, { "name": "28623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28623" }, { "name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9", "refsource": "MLIST", "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "name": "http://pulseaudio.org/changeset/2100", "refsource": "CONFIRM", "url": "http://pulseaudio.org/changeset/2100" }, { "name": "ADV-2008-0283", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=207214", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "name": "DSA-1476", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1476" }, { "name": "FEDORA-2008-0963", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=425481", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "name": "GLSA-200802-07", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "name": "FEDORA-2008-0994", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "name": "28738", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28738" }, { "name": "pulseaudio-padroproot-privilege-escalation(39992)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "name": "USN-573-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/usn-573-1" }, { "name": "28952", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28952" }, { "name": "28608", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28608" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=347822", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0008", "datePublished": "2008-01-28T23:00:00", "dateReserved": "2007-12-03T00:00:00", "dateUpdated": "2024-08-07T07:32:23.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3080 (GCVE-0-2009-3080)
Vulnerability from cvelistv5
Published
2009-11-20 17:00
Modified
2024-08-07 06:14
CWE
- n/a
Summary
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:14:55.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38276" }, { "name": "MDVSA-2010:030", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030" }, { "name": "SUSE-SA:2009:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "name": "USN-864-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "name": "SUSE-SA:2010:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "name": "37435", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "name": "37720", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37720" }, { "name": "37909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37909" }, { "name": "RHSA-2010:0882", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html" }, { "name": "MDVSA-2011:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" }, { "name": "SUSE-SA:2009:064", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], 
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8" }, { "name": "oval:org.mitre.oval:def:7101", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" }, { "name": "SUSE-SA:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" }, { "name": "37068", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37068" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "SUSE-SA:2010:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "name": "RHSA-2010:0046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "name": "oval:org.mitre.oval:def:12862", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0" }, { "name": "DSA-2005", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2005" }, { "name": "FEDORA-2009-13098", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html" }, { "name": "oval:org.mitre.oval:def:10989", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989" }, { "name": "RHSA-2010:0041", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html" }, { "name": "38017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38017" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "38276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38276" }, { "name": "MDVSA-2010:030", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030" }, { "name": "SUSE-SA:2009:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "name": "USN-864-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "name": "SUSE-SA:2010:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "name": "37435", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "name": "37720", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37720" }, { "name": "37909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37909" }, { "name": "RHSA-2010:0882", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html" }, { "name": "MDVSA-2011:051", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" }, { "name": "SUSE-SA:2009:064", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8" }, { "name": "oval:org.mitre.oval:def:7101", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" }, { "name": "SUSE-SA:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" }, { "name": "37068", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37068" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "SUSE-SA:2010:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "name": "RHSA-2010:0046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "name": "oval:org.mitre.oval:def:12862", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0" }, { "name": "DSA-2005", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2005" }, { "name": "FEDORA-2009-13098", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html" }, { "name": "oval:org.mitre.oval:def:10989", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989" }, { "name": "RHSA-2010:0041", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html" }, { "name": "38017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38017" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3080", "datePublished": "2009-11-20T17:00:00", "dateReserved": "2009-09-04T00:00:00", "dateUpdated": "2024-08-07T06:14:55.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19139 (GCVE-0-2018-19139)
Vulnerability from cvelistv5
Published
2018-11-09 21:00
Modified
2024-08-05 11:30
CWE
- n/a
Summary
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:30:04.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mdadams/jasper/issues/188" }, { "name": "105956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105956" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:1517", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html" }, { "name": "openSUSE-SU-2020:1523", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T11:06:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mdadams/jasper/issues/188" }, { "name": "105956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105956" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:1517", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html" }, { "name": "openSUSE-SU-2020:1523", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19139", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" }, { "name": "https://github.com/mdadams/jasper/issues/188", "refsource": "MISC", "url": "https://github.com/mdadams/jasper/issues/188" }, { "name": "105956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105956" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "openSUSE-SU-2020:1517", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html" }, { "name": "openSUSE-SU-2020:1523", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19139", "datePublished": "2018-11-09T21:00:00", "dateReserved": "2018-11-09T00:00:00", "dateUpdated": "2024-08-05T11:30:04.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-6755 (GCVE-0-2008-6755)
Vulnerability from cvelistv5
Published
2009-04-27 22:00
Modified
2024-08-07 11:42
CWE
- n/a
Summary
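ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. Mode 0600 restricts the file to its owner, but the owner here is the web server account, so any PHP or CGI script that runs as that account can still read and write it.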
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:42:00.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2008-11484", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html" }, { "name": "zoneminder-etczmconf-security-bypass(50324)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50324" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2008-11484", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html" }, { "name": "zoneminder-etczmconf-security-bypass(50324)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50324" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2008-11484", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html" }, { "name": "zoneminder-etczmconf-security-bypass(50324)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50324" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=476529", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6755", "datePublished": "2009-04-27T22:00:00", "dateReserved": "2009-04-27T00:00:00", "dateUpdated": "2024-08-07T11:42:00.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0932 (GCVE-0-2008-0932)
Vulnerability from cvelistv5
Published
2008-02-25 21:00
Modified
2024-08-07 08:01
CWE
- n/a
Summary
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:01:40.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2008-1922", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html" }, { "name": "FEDORA-2008-1951", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html" }, { "name": "DSA-1508", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1508" }, { "name": "27874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27874" }, { "name": "29012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29012" }, { "name": "29115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29115" }, { "name": "ADV-2008-0670", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0670/references" }, { "name": "GLSA-200803-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-06.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449" }, { "name": "29181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29181" }, { "name": "25400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25400" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=433723" }, { "name": 
"27987", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27987" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-29T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2008-1922", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html" }, { "name": "FEDORA-2008-1951", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html" }, { "name": "DSA-1508", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1508" }, { "name": "27874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27874" }, { "name": "29012", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29012" }, { "name": "29115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29115" }, { "name": "ADV-2008-0670", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0670/references" }, { "name": "GLSA-200803-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-06.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449" }, { "name": "29181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29181" }, { "name": "25400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25400" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=433723" }, { "name": "27987", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27987" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0932", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2008-1922", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html" }, { "name": "FEDORA-2008-1951", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html" }, { "name": "DSA-1508", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1508" }, { "name": "27874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27874" }, { "name": "29012", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29012" }, { "name": "29115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29115" }, { "name": "ADV-2008-0670", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0670/references" }, { "name": "GLSA-200803-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-06.xml" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449" }, { "name": "29181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29181" }, { "name": "25400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25400" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=433723", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=433723" }, { "name": "27987", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27987" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0932", "datePublished": "2008-02-25T21:00:00", "dateReserved": "2008-02-25T00:00:00", "dateUpdated": "2024-08-07T08:01:40.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1011 (GCVE-0-2011-1011)
Vulnerability from cvelistv5
Published
2011-02-24 20:00
Modified
2024-08-06 22:14
CWE
- n/a
Summary
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:26.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=633544" }, { "name": "44034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44034" }, { "name": "20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html" }, { "name": "1025291", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025291" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197" }, { "name": "policycoreutils-seunshare-symlink(65641)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65641" }, { "name": "43844", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43844" }, { "name": "ADV-2011-0701", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0701" }, { "name": "FEDORA-2011-3043", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html" }, { "name": "RHSA-2011:0414", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0414.html" }, { "name": "ADV-2011-0864", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2011/0864" }, { "name": "46510", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46510" }, { "name": "[oss-security] 20110222 CVE Request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/1" }, { "name": "43415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43415" }, { "name": "[oss-security] 20110223 Re: CVE Request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=633544" }, { "name": "44034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44034" }, { "name": "20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html" }, { "name": "1025291", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025291" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197" }, { "name": "policycoreutils-seunshare-symlink(65641)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65641" }, { "name": "43844", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43844" }, { "name": "ADV-2011-0701", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0701" }, { "name": "FEDORA-2011-3043", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html" }, { "name": "RHSA-2011:0414", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0414.html" }, { "name": "ADV-2011-0864", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0864" }, { "name": "46510", "tags": [ "vdb-entry", "x_refsource_BID" ], 
"url": "http://www.securityfocus.com/bid/46510" }, { "name": "[oss-security] 20110222 CVE Request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/1" }, { "name": "43415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43415" }, { "name": "[oss-security] 20110223 Re: CVE Request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1011", "datePublished": "2011-02-24T20:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1796 (GCVE-0-2008-1796)
Vulnerability from cvelistv5
Published
2008-04-15 17:00
Modified
2024-08-07 08:32
CWE
- n/a
Summary
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:32:01.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200804-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml" }, { "name": "FEDORA-2008-2981", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html" }, { "name": "comix-temporary-directories-dos(41854)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41854" }, { "name": "FEDORA-2008-2993", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html" }, { "name": "29956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29956" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200804-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml" }, { "name": "FEDORA-2008-2981", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html" }, { "name": "comix-temporary-directories-dos(41854)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41854" }, { "name": "FEDORA-2008-2993", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html" }, { "name": "29956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29956" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200804-29", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml" }, { "name": "FEDORA-2008-2981", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html" }, { "name": "comix-temporary-directories-dos(41854)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41854" }, { "name": "FEDORA-2008-2993", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html" }, { "name": "29956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29956" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1796", "datePublished": "2008-04-15T17:00:00", "dateReserved": "2008-04-15T00:00:00", "dateUpdated": "2024-08-07T08:32:01.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0008 (GCVE-0-2011-0008)
Vulnerability from cvelistv5
Published
2011-01-20 18:00
Modified
2024-08-06 21:36
CWE
- n/a
Summary
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:02.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2011:018", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018" }, { "name": "FEDORA-2011-0470", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html" }, { "name": "ADV-2011-0199", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0199" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843" }, { "name": "sudo-parse-privilege-escalation(64965)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965" }, { "name": "FEDORA-2011-0455", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html" }, { "name": "ADV-2011-0195", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0195" }, { "name": "42968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage 
an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2011:018", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018" }, { "name": "FEDORA-2011-0470", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html" }, { "name": "ADV-2011-0199", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0199" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843" }, { "name": "sudo-parse-privilege-escalation(64965)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965" }, { "name": "FEDORA-2011-0455", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html" }, { "name": "ADV-2011-0195", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0195" }, { "name": "42968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42968" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0008", "datePublished": "2011-01-20T18:00:00", "dateReserved": "2010-12-07T00:00:00", "dateUpdated": "2024-08-06T21:36:02.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3524 (GCVE-0-2008-3524)
Vulnerability from cvelistv5
Published
2008-09-29 17:00
Modified
2024-08-07 09:45
CWE
- n/a
Summary
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:45:18.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31385", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31385" }, { "name": "FEDORA-2008-7667", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01135.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458504" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458652" }, { "name": "initscripts-rcsysinit-symlink(45402)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45402" }, { "name": "32710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32710" }, { "name": "32037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32037" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2857" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "31385", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31385" }, { "name": "FEDORA-2008-7667", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01135.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458504" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458652" }, { "name": "initscripts-rcsysinit-symlink(45402)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45402" }, { "name": "32710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32710" }, { "name": "32037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32037" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2857" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3524", "datePublished": "2008-09-29T17:00:00", "dateReserved": "2008-08-07T00:00:00", "dateUpdated": "2024-08-07T09:45:18.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0668 (GCVE-0-2008-0668)
Vulnerability from cvelistv5
Published
2008-02-11 20:00
Modified
2024-08-07 07:54
CWE
- n/a
Summary
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-0462", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0462" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml" }, { "name": "28948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28948" }, { "name": "FEDORA-2008-1313", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html" }, { "name": "USN-604-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-604-1" }, { "name": "MDVSA-2008:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:056" }, { "name": "SUSE-SR:2008:016", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html" }, { "name": "DSA-1546", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1546" }, { "name": "27536", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27536" }, { "name": "29896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29896" }, { "name": "29702", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29702" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=505330" }, 
{ "name": "28799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28799" }, { "name": "FEDORA-2008-1403", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html" }, { "name": "GLSA-200802-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-05.xml" }, { "name": "28725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28725/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=208356" }, { "name": "31339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31339" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-14T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-0462", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0462" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml" }, { "name": "28948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28948" }, { "name": "FEDORA-2008-1313", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html" }, { "name": "USN-604-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-604-1" }, { "name": "MDVSA-2008:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:056" }, { "name": "SUSE-SR:2008:016", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html" }, { "name": "DSA-1546", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1546" }, { "name": "27536", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27536" }, { "name": "29896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29896" }, { "name": "29702", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29702" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=505330" }, { "name": "28799", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28799" }, { 
"name": "FEDORA-2008-1403", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html" }, { "name": "GLSA-200802-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-05.xml" }, { "name": "28725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28725/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=208356" }, { "name": "31339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31339" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-0462", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0462" }, { "name": "http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml", "refsource": "CONFIRM", "url": "http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml" }, { "name": "28948", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28948" }, { "name": "FEDORA-2008-1313", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html" }, { "name": "USN-604-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-604-1" }, { "name": "MDVSA-2008:056", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:056" }, { "name": "SUSE-SR:2008:016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html" }, { "name": "DSA-1546", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1546" }, { "name": "27536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27536" }, { "name": "29896", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29896" }, { "name": "29702", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29702" }, { "name": "http://bugzilla.gnome.org/show_bug.cgi?id=505330", "refsource": "CONFIRM", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=505330" }, { "name": "28799", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28799" }, { "name": "FEDORA-2008-1403", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html" }, { "name": "GLSA-200802-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-05.xml" }, { "name": "28725", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/28725/" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=208356", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=208356" }, { "name": "31339", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31339" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0668", "datePublished": "2008-02-11T20:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:22.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4695 (GCVE-0-2010-4695)
Vulnerability from cvelistv5
Published
2011-01-14 17:00
Modified
2024-08-07 03:55
CWE
- n/a
Summary
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:55:34.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201203-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-15.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026r1=1.1\u0026r2=1.2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547515" }, { "name": "gif2png-pathname-file-creation(64819)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64819" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026view=log" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978" }, { "name": "45920", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45920" }, { "name": "FEDORA-2010-0358", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted 
command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201203-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-15.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026r1=1.1\u0026r2=1.2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547515" }, { "name": "gif2png-pathname-file-creation(64819)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64819" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026view=log" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978" }, { "name": "45920", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45920" }, { "name": "FEDORA-2010-0358", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4695", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A certain Fedora patch for gif2png.c in gif2png 
2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201203-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201203-15.xml" }, { "name": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026r1=1.1\u0026r2=1.2", "refsource": "CONFIRM", "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026r1=1.1\u0026r2=1.2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=547515", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547515" }, { "name": "gif2png-pathname-file-creation(64819)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64819" }, { "name": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026view=log", "refsource": "CONFIRM", "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026view=log" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978" }, { "name": "45920", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45920" }, { "name": "FEDORA-2010-0358", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": 
"CVE-2010-4695", "datePublished": "2011-01-14T17:00:00", "dateReserved": "2011-01-14T00:00:00", "dateUpdated": "2024-08-07T03:55:34.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0180 (GCVE-0-2009-0180)
Vulnerability from cvelistv5
Published
2009-01-20 16:00
Modified
2024-08-07 04:24
CWE
- n/a
Summary
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:24:18.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477864" }, { "name": "33294", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33294" }, { "name": "nfsutils-tcpwrapper-security-bypass(48058)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48058" }, { "name": "FEDORA-2009-0297", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html" }, { "name": "FEDORA-2009-0266", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html" }, { "name": "33545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33545" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477864" }, { "name": "33294", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33294" }, { "name": "nfsutils-tcpwrapper-security-bypass(48058)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48058" }, { "name": "FEDORA-2009-0297", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html" }, { "name": "FEDORA-2009-0266", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html" }, { "name": "33545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33545" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0180", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=477864", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477864" }, { "name": "33294", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33294" }, { "name": "nfsutils-tcpwrapper-security-bypass(48058)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48058" }, { "name": "FEDORA-2009-0297", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html" }, { "name": "FEDORA-2009-0266", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html" }, { "name": "33545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33545" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0180", "datePublished": "2009-01-20T16:00:00", "dateReserved": "2009-01-20T00:00:00", "dateUpdated": "2024-08-07T04:24:18.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1552 (GCVE-0-2008-1552)
Vulnerability from cvelistv5
Published
2008-03-31 17:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29465", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29465" }, { "name": "29622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29622" }, { "name": "SUSE-SR:2008:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "name": "1019690", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019690" }, { "name": "GLSA-200804-27", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml" }, { "name": "3795", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3795" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://silcnet.org/general/news/?item=server_20080320_1" }, { "name": "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1" }, { "name": "29463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29463" }, { "name": "FEDORA-2008-2641", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html" }, { "name": "ADV-2008-0974", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2008/0974/references" }, { "name": "29946", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29946" }, { "name": "28373", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28373" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2206" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://silcnet.org/general/news/?item=client_20080320_1" }, { "name": "MDVSA-2008:158", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158" }, { "name": "silc-silcpkcs1decode-bo(41474)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474" }, { "name": "FEDORA-2008-2616", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29465", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29465" }, { "name": "29622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29622" }, { "name": "SUSE-SR:2008:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "name": "1019690", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019690" }, { "name": "GLSA-200804-27", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml" }, { "name": "3795", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3795" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://silcnet.org/general/news/?item=server_20080320_1" }, { "name": "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1" }, { "name": "29463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29463" }, { "name": "FEDORA-2008-2641", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html" }, { "name": "ADV-2008-0974", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0974/references" }, { "name": "29946", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29946" }, { "name": "28373", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28373" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2206" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://silcnet.org/general/news/?item=client_20080320_1" }, { "name": "MDVSA-2008:158", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158" }, { "name": "silc-silcpkcs1decode-bo(41474)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474" }, { "name": "FEDORA-2008-2616", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29465", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29465" }, { "name": "29622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29622" }, { "name": "SUSE-SR:2008:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "name": "1019690", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019690" }, { "name": "GLSA-200804-27", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml" }, { "name": "3795", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3795" }, { "name": "http://silcnet.org/general/news/?item=server_20080320_1", "refsource": "CONFIRM", "url": "http://silcnet.org/general/news/?item=server_20080320_1" }, { "name": "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded" }, { "name": "http://silcnet.org/general/news/?item=toolkit_20080320_1", "refsource": "CONFIRM", "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1" }, { "name": "29463", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29463" }, { "name": "FEDORA-2008-2641", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html" }, { "name": "ADV-2008-0974", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0974/references" }, { "name": "29946", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29946" }, { "name": "28373", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28373" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2206", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2206" }, { "name": 
"http://silcnet.org/general/news/?item=client_20080320_1", "refsource": "CONFIRM", "url": "http://silcnet.org/general/news/?item=client_20080320_1" }, { "name": "MDVSA-2008:158", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158" }, { "name": "silc-silcpkcs1decode-bo(41474)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474" }, { "name": "FEDORA-2008-2616", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1552", "datePublished": "2008-03-31T17:00:00", "dateReserved": "2008-03-31T00:00:00", "dateUpdated": "2024-08-07T08:24:42.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4134 (GCVE-0-2007-4134)
Vulnerability from cvelistv5
Published
2007-08-30 22:00
Modified
2024-08-07 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:46:39.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200710-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml" }, { "name": "26626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26626" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm" }, { "name": "26673", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26673" }, { "name": "20070907 FLEA-2007-0051-1 star", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/478797/100/200/threaded" }, { "name": "oval:org.mitre.oval:def:11098", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098" }, { "name": "RHSA-2007:0873", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0873.html" }, { "name": "26857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26857" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1669" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=189690" }, { "name": "1018646", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018646" }, { "name": "20070901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "26672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26672" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84" }, { "name": "FEDORA-2007-1852", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html" }, { "name": "27544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27544" }, { "name": "27318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "GLSA-200710-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml" }, { "name": "26626", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26626" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm" }, { "name": "26673", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26673" }, { "name": "20070907 FLEA-2007-0051-1 star", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/478797/100/200/threaded" }, { "name": "oval:org.mitre.oval:def:11098", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098" }, { "name": "RHSA-2007:0873", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0873.html" }, { "name": "26857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26857" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1669" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=189690" }, { "name": "1018646", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018646" }, { "name": "20070901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "26672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/26672" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84" }, { "name": "FEDORA-2007-1852", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html" }, { "name": "27544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27544" }, { "name": "27318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27318" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4134", "datePublished": "2007-08-30T22:00:00", "dateReserved": "2007-08-02T00:00:00", "dateUpdated": "2024-08-07T14:46:39.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5159 (GCVE-0-2007-5159)
Vulnerability from cvelistv5
Published
2007-10-01 00:00
Modified
2024-09-16 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2007-2295", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651" }, { "name": "[fedora-desktop-list] 20070918 Re: fuse (Was Re: early-gdm redux)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html" }, { "name": "26938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26938" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-10-01T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2007-2295", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651" }, { "name": "[fedora-desktop-list] 20070918 Re: fuse (Was Re: early-gdm redux)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html" }, { "name": "26938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26938" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2007-2295", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=298651", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651" }, { "name": "[fedora-desktop-list] 20070918 Re: fuse (Was Re: early-gdm redux)", "refsource": "MLIST", "url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html" }, { "name": "26938", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26938" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5159", "datePublished": "2007-10-01T00:00:00Z", "dateReserved": "2007-09-30T00:00:00Z", "dateUpdated": "2024-09-16T18:24:53.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3832 (GCVE-0-2008-3832)
Vulnerability from cvelistv5
Published
2008-10-03 17:18
Modified
2024-08-07 09:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:53:00.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31536", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31536" }, { "name": "[oss-security] 20081002 CVE-2008-3832 kernel: null pointer dereference in utrace_control", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/02/1" }, { "name": "fedora-utracecontrol-dos(45644)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kerneloops.org/oops.php?number=56705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464883" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "31536", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31536" }, { "name": "[oss-security] 20081002 CVE-2008-3832 kernel: null pointer dereference in utrace_control", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/02/1" }, { "name": "fedora-utracecontrol-dos(45644)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kerneloops.org/oops.php?number=56705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464883" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3832", "datePublished": "2008-10-03T17:18:00", "dateReserved": "2008-08-27T00:00:00", "dateUpdated": "2024-08-07T09:53:00.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1573 (GCVE-0-2009-1573)
Vulnerability from cvelistv5
Published
2009-05-06 17:00
Modified
2024-08-07 05:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:20:34.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2" }, { "name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678" }, { "name": "39834", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39834" }, { "name": "34828", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34828" }, { "name": "xvfbrun-magiccookie-info-disclosure(50348)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348" }, { "name": "ADV-2010-1185", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1185" }, { "name": "USN-939-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-939-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its 
arguments." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2" }, { "name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678" }, { "name": "39834", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39834" }, { "name": "34828", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34828" }, { "name": "xvfbrun-magiccookie-info-disclosure(50348)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348" }, { "name": "ADV-2010-1185", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1185" }, { "name": "USN-939-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-939-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly 
other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2" }, { "name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678" }, { "name": "39834", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39834" }, { "name": "34828", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34828" }, { "name": "xvfbrun-magiccookie-info-disclosure(50348)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348" }, { "name": "ADV-2010-1185", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1185" }, { "name": "USN-939-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-939-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1573", "datePublished": "2009-05-06T17:00:00", "dateReserved": "2009-05-06T00:00:00", "dateUpdated": "2024-08-07T05:20:34.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0073 (GCVE-0-2008-0073)
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:32:23.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SSA:2008-089-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "name": "28312", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28312" }, { "name": "xinelib-sdpplinparse-bo(41339)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "FEDORA-2008-2945", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "29392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29392" }, { "name": "FEDORA-2008-2569", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "name": "28694", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28694" }, { "name": "29740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29740" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "name": "SUSE-SR:2008:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/news" }, { "name": "29601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29601" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "ADV-2008-0923", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29800" }, { "name": "MDVSA-2008:219", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/29766" }, { "name": "1019682", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019682" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29503" }, { "name": "29472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29472" }, { "name": "DSA-1536", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "29578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29578" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "31372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30581" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SSA:2008-089-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "name": "28312", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28312" }, { "name": "xinelib-sdpplinparse-bo(41339)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "FEDORA-2008-2945", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "29392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29392" }, { "name": "FEDORA-2008-2569", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "name": "28694", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28694" }, { "name": "29740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29740" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "name": "SUSE-SR:2008:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/news" }, { "name": "29601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29601" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "ADV-2008-0923", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29800" }, { "name": "MDVSA-2008:219", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "name": "1019682", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019682" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29503" }, { "name": "29472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/29472" }, { "name": "DSA-1536", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "29578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29578" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "31372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30581" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2008-0073", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://secunia.com/secunia_research/2008-10/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2008-10/" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "GLSA-200808-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SSA:2008-089-03", "refsource": "SLACKWARE", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "name": "28312", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28312" }, { "name": "xinelib-sdpplinparse-bo(41339)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "name": "http://www.videolan.org/security/sa0803.php", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "FEDORA-2008-2945", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "SUSE-SR:2008:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "29392", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29392" }, { "name": "FEDORA-2008-2569", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "name": "28694", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28694" }, { "name": "29740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29740" }, { "name": "GLSA-200804-25", "refsource": 
"GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "SUSE-SR:2008:007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "name": "http://xinehq.de/index.php/news", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/news" }, { "name": "29601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29601" }, { "name": "MDVSA-2008:178", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "ADV-2008-0923", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800" }, { "name": "MDVSA-2008:219", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "1019682", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019682" }, { "name": "29503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29503" }, { "name": "29472", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29472" }, { "name": "DSA-1536", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "29578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29578" }, { "name": "ADV-2008-0985", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "31372", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30581", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/30581" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2008-0073", "datePublished": "2008-03-24T22:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T07:32:23.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1290 (GCVE-0-2008-1290)
Vulnerability from cvelistv5
Published
2008-03-24 17:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:33.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200803-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29176" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "ViewVC before 1.0.5 includes \"all-forbidden\" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-20T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200803-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29176" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ViewVC before 1.0.5 includes \"all-forbidden\" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200803-29", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "name": "29460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29460" }, { "name": "29176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29176" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "name": "ADV-2008-0734", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "name": "28055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28055" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=212288", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD", "refsource": "CONFIRM", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1290", "datePublished": "2008-03-24T17:00:00", "dateReserved": "2008-03-12T00:00:00", "dateUpdated": "2024-08-07T08:17:33.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-2808 (GCVE-0-2008-2808)
Vulnerability from cvelistv5
Published
2008-07-07 23:00
Modified
2024-08-07 09:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SA:2008:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "name": "RHSA-2008:0549", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "name": "DSA-1697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1697" }, { "name": "31021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31021" }, { "name": "oval:org.mitre.oval:def:9668", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668" }, { "name": "30898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30898" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2646" }, { "name": "30949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30949" }, { "name": "SSA:2008-191-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "name": "ADV-2009-0977", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "name": "31069", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31069" }, { "name": "31008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31008" }, { "name": "31377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31377" }, { "name": "RHSA-2008:0616", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "name": "ADV-2008-1993", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "name": "31023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31023" }, { "name": "30038", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30038" }, { "name": "DSA-1607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1607" }, { "name": "GLSA-200808-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "name": "31005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31005" }, { "name": "33433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33433" }, { "name": "FEDORA-2008-6127", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "name": "1020419", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020419" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "name": "31183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31183" }, { "name": "30903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30903" }, { "name": "RHSA-2008:0547", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "name": "FEDORA-2008-6193", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "name": "256408", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "name": "SSA:2008-191", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "name": "DSA-1615", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1615" }, { "name": "31195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31195" }, { "name": "31076", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31076" }, { "name": "USN-619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "name": "30911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30911" }, { "name": "RHSA-2008:0569", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "name": "30878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30878" }, { "name": "20080708 rPSA-2008-0216-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-30.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433" }, { "name": "FEDORA-2008-6196", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "name": "34501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34501" }, { "name": "MDVSA-2008:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SA:2008:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "name": "RHSA-2008:0549", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "name": "DSA-1697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1697" }, { "name": "31021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31021" }, { "name": "oval:org.mitre.oval:def:9668", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668" }, { "name": "30898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30898" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2646" }, { "name": "30949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30949" }, { "name": "SSA:2008-191-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "name": "ADV-2009-0977", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "name": "31069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31069" }, { "name": "31008", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31008" }, { "name": "31377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31377" }, { "name": "RHSA-2008:0616", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "name": "ADV-2008-1993", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "name": "31023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31023" }, { "name": "30038", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30038" }, { "name": "DSA-1607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1607" }, { "name": "GLSA-200808-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "name": "31005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31005" }, { "name": "33433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33433" }, { "name": "FEDORA-2008-6127", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "name": "1020419", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020419" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "name": "31183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31183" }, { "name": "30903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30903" }, { "name": "RHSA-2008:0547", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "name": "FEDORA-2008-6193", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "name": "256408", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "name": "SSA:2008-191", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "name": "DSA-1615", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1615" }, { "name": "31195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31195" }, { "name": "31076", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31076" }, { "name": "USN-619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "name": "30911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30911" }, { "name": "RHSA-2008:0569", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "name": "30878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30878" }, { "name": "20080708 rPSA-2008-0216-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-30.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433" }, { "name": "FEDORA-2008-6196", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], 
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "name": "34501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34501" }, { "name": "MDVSA-2008:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SA:2008:034", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "name": "RHSA-2008:0549", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "name": "DSA-1697", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1697" }, { "name": "31021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31021" }, { "name": "oval:org.mitre.oval:def:9668", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668" }, { "name": "30898", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30898" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "name": "https://issues.rpath.com/browse/RPL-2646", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2646" }, { "name": "30949", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30949" }, { "name": "SSA:2008-191-03", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "name": "ADV-2009-0977", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "name": "31069", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31069" }, { "name": "31008", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31008" }, { "name": "31377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31377" }, { "name": "RHSA-2008:0616", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "name": "ADV-2008-1993", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2008/1993/references" }, { "name": "31023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31023" }, { "name": "30038", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30038" }, { "name": "DSA-1607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1607" }, { "name": "GLSA-200808-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "name": "31005", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31005" }, { "name": "33433", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33433" }, { "name": "FEDORA-2008-6127", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "name": "1020419", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020419" }, { "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "name": "31183", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31183" }, { "name": "30903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30903" }, { "name": "RHSA-2008:0547", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "name": "FEDORA-2008-6193", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "name": "256408", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "name": "SSA:2008-191", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "name": "DSA-1615", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1615" }, { "name": "31195", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/31195" }, { "name": "31076", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31076" }, { "name": "USN-619-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "name": "30911", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30911" }, { "name": "RHSA-2008:0569", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "name": "30878", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30878" }, { "name": "20080708 rPSA-2008-0216-1 firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-30.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-30.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433" }, { "name": "FEDORA-2008-6196", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "name": "34501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34501" }, { "name": "MDVSA-2008:136", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2808", "datePublished": "2008-07-07T23:00:00", "dateReserved": "2008-06-20T00:00:00", "dateUpdated": "2024-08-07T09:14:14.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4695 - Vulnerability from fkie_nvd
Published
2011-01-14 18:00
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, source nvd@nist.gov)
Summary
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 | ||
cve@mitre.org | http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&r1=1.1&r2=1.2 | Exploit, Patch | |
cve@mitre.org | http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-201203-15.xml | ||
cve@mitre.org | http://www.securityfocus.com/bid/45920 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=547515 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/64819 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&r1=1.1&r2=1.2 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201203-15.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45920 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=547515 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64819 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:catb:gif2png:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C80ECBF4-91B6-4F26-987D-96EEEB7FEAA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:catb:gif2png:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7483924E-DA57-4875-BE41-5CA5E58BE2BA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7B30CD4-008C-4452-843C-EB5DB15FA7A2", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "3854B743-1636-4334-8786-A450A3E81363", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018." }, { "lang": "es", "value": "Un parche de Fedora para gif2png.c en gif2png v2.5.1 y v2.5.2, tal y como se distribuye en gif2png-2.5.1-1200.fc12 pata Fedora 12 y gif2png_2.5.2 1-en para Debian GNU/Linux, trunca una ruta GIF especificada en la l\u00ednea de comandos, lo que podr\u00eda permitir a atacantes remotos crear archivos PNG en directorios no deseados a trav\u00e9s de un argumento de l\u00ednea de comandos debidamente modificado, como lo demuestra un programa CGI que lanza gif2png, una vulnerabilidad diferente a CVE-2009-5018." 
} ], "id": "CVE-2010-4695", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-01-14T18:00:01.560", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026r1=1.1\u0026r2=1.2" }, { "source": "cve@mitre.org", "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026view=log" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201203-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45920" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547515" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026r1=1.1\u0026r2=1.2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras\u0026view=log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201203-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64819" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-0008 - Vulnerability from fkie_nvd
Published
2008-01-29 00:00
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.2, vector AV:L/AC:L/Au:N/C:C/I:C/A:C, source nvd@nist.gov)
Summary
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=207214 | Third Party Advisory | |
secalert@redhat.com | http://pulseaudio.org/changeset/2100 | Exploit | |
secalert@redhat.com | http://secunia.com/advisories/28608 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28623 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28738 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28952 | Vendor Advisory | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200802-07.xml | Third Party Advisory | |
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1476 | Third Party Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:027 | Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/27449 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/usn-573-1 | Third Party Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0283 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.novell.com/show_bug.cgi?id=347822 | Issue Tracking | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=425481 | Issue Tracking | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/39992 | VDB Entry | |
secalert@redhat.com | https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html | Broken Link | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html | Third Party Advisory | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=207214 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://pulseaudio.org/changeset/2100 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28608 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28623 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28738 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28952 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-07.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1476 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:027 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27449 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-573-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0283 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=347822 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=425481 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/39992 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2007.1 (x86_64) | |
mandrakesoft | mandrake_linux | 2008.0 | |
mandrakesoft | mandrake_linux | 2008.0 (x86_64) | |
redhat | fedora | 7 | |
redhat | fedora | 8 | |
pulseaudio | pulseaudio | 0.9.6 | |
pulseaudio | pulseaudio | 0.9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", "matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "F7E8B62F-B9DE-4209-9531-8FA6C4869295", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "21A099DF-9D09-4698-96FC-00D188FD9E36", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion." 
}, { "lang": "es", "value": "La funci\u00f3n pa_drop_root en PulseAudio versi\u00f3n 0.9.8, y una cierta build 0.9.9, no comprueba los valores de retorno de llamadas (1) setresuid, (2) setreuid, (3) setuid y (4) seteuid, cuando intenta perder privilegios, lo que podr\u00eda permitir a usuarios locales alcanzar privilegios causando que esas llamadas fallen por ataques tales como el agotamiento de recursos." } ], "id": "CVE-2008-0008", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-29T00:00:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://pulseaudio.org/changeset/2100" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28608" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28623" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28738" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28952" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third 
Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27449" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "source": "secalert@redhat.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://pulseaudio.org/changeset/2100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/28623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-03 17:41
Modified
2025-04-09 00:30
Severity ?
Summary
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://kerneloops.org/oops.php?number=56705 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2008/10/02/1 | Exploit | |
secalert@redhat.com | http://www.securityfocus.com/bid/31536 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=464883 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/45644 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kerneloops.org/oops.php?number=56705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/10/02/1 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31536 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=464883 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45644 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | fedora | 8 | |
linux | linux_kernel | * | |
linux | linux_kernel | 2.2.27 | |
linux | linux_kernel | 2.4.36 | |
linux | linux_kernel | 2.4.36.1 | |
linux | linux_kernel | 2.4.36.2 | |
linux | linux_kernel | 2.4.36.3 | |
linux | linux_kernel | 2.4.36.4 | |
linux | linux_kernel | 2.4.36.5 | |
linux | linux_kernel | 2.4.36.6 | |
linux | linux_kernel | 2.6 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.19.4 | |
linux | linux_kernel | 2.6.19.5 | |
linux | linux_kernel | 2.6.19.6 | |
linux | linux_kernel | 2.6.19.7 | |
linux | linux_kernel | 2.6.20.16 | |
linux | linux_kernel | 2.6.20.17 | |
linux | linux_kernel | 2.6.20.18 | |
linux | linux_kernel | 2.6.20.19 | |
linux | linux_kernel | 2.6.20.20 | |
linux | linux_kernel | 2.6.20.21 | |
linux | linux_kernel | 2.6.21.5 | |
linux | linux_kernel | 2.6.21.6 | |
linux | linux_kernel | 2.6.21.7 | |
linux | linux_kernel | 2.6.22 | |
linux | linux_kernel | 2.6.22.1 | |
linux | linux_kernel | 2.6.22.2 | |
linux | linux_kernel | 2.6.22.8 | |
linux | linux_kernel | 2.6.22.9 | |
linux | linux_kernel | 2.6.22.10 | |
linux | linux_kernel | 2.6.22.11 | |
linux | linux_kernel | 2.6.22.12 | |
linux | linux_kernel | 2.6.22.13 | |
linux | linux_kernel | 2.6.22.14 | |
linux | linux_kernel | 2.6.22.15 | |
linux | linux_kernel | 2.6.22.17 | |
linux | linux_kernel | 2.6.22.18 | |
linux | linux_kernel | 2.6.22.19 | |
linux | linux_kernel | 2.6.22.20 | |
linux | linux_kernel | 2.6.22.21 | |
linux | linux_kernel | 2.6.22.22 | |
linux | linux_kernel | 2.6.22_rc1 | |
linux | linux_kernel | 2.6.22_rc7 | |
linux | linux_kernel | 2.6.23 | |
linux | linux_kernel | 2.6.24 | |
linux | linux_kernel | 2.6.25 | |
linux | linux_kernel | 2.6.26 | |
linux | linux_kernel | 2.6.26.1 | |
linux | linux_kernel | 2.6.26.2 | |
linux | linux_kernel | 2.6.26.3 | |
redhat | fedora | 9 | |
linux | linux_kernel | * | |
linux | linux_kernel | 2.2.27 | |
linux | linux_kernel | 2.4.36 | |
linux | linux_kernel | 2.4.36.1 | |
linux | linux_kernel | 2.4.36.2 | |
linux | linux_kernel | 2.4.36.3 | |
linux | linux_kernel | 2.4.36.4 | |
linux | linux_kernel | 2.4.36.5 | |
linux | linux_kernel | 2.4.36.6 | |
linux | linux_kernel | 2.6 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.18 | |
linux | linux_kernel | 2.6.19.4 | |
linux | linux_kernel | 2.6.19.5 | |
linux | linux_kernel | 2.6.19.6 | |
linux | linux_kernel | 2.6.19.7 | |
linux | linux_kernel | 2.6.20.16 | |
linux | linux_kernel | 2.6.20.17 | |
linux | linux_kernel | 2.6.20.18 | |
linux | linux_kernel | 2.6.20.19 | |
linux | linux_kernel | 2.6.20.20 | |
linux | linux_kernel | 2.6.20.21 | |
linux | linux_kernel | 2.6.21.5 | |
linux | linux_kernel | 2.6.21.6 | |
linux | linux_kernel | 2.6.21.7 | |
linux | linux_kernel | 2.6.22 | |
linux | linux_kernel | 2.6.22.1 | |
linux | linux_kernel | 2.6.22.2 | |
linux | linux_kernel | 2.6.22.8 | |
linux | linux_kernel | 2.6.22.9 | |
linux | linux_kernel | 2.6.22.10 | |
linux | linux_kernel | 2.6.22.11 | |
linux | linux_kernel | 2.6.22.12 | |
linux | linux_kernel | 2.6.22.13 | |
linux | linux_kernel | 2.6.22.14 | |
linux | linux_kernel | 2.6.22.15 | |
linux | linux_kernel | 2.6.22.17 | |
linux | linux_kernel | 2.6.22.18 | |
linux | linux_kernel | 2.6.22.19 | |
linux | linux_kernel | 2.6.22.20 | |
linux | linux_kernel | 2.6.22.21 | |
linux | linux_kernel | 2.6.22.22 | |
linux | linux_kernel | 2.6.22_rc1 | |
linux | linux_kernel | 2.6.22_rc7 | |
linux | linux_kernel | 2.6.23 | |
linux | linux_kernel | 2.6.23.8 | |
linux | linux_kernel | 2.6.23.9 | |
linux | linux_kernel | 2.6.23.10 | |
linux | linux_kernel | 2.6.23.11 | |
linux | linux_kernel | 2.6.23.12 | |
linux | linux_kernel | 2.6.23.13 | |
linux | linux_kernel | 2.6.23.15 | |
linux | linux_kernel | 2.6.23.16 | |
linux | linux_kernel | 2.6.23.17 | |
linux | linux_kernel | 2.6.24 | |
linux | linux_kernel | 2.6.25 | |
linux | linux_kernel | 2.6.26.1 | |
linux | linux_kernel | 2.6.26.2 | |
linux | linux_kernel | 2.6.26.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC4F5B5A-0545-4238-BF3A-F6458C977992", "versionEndIncluding": "2.6.26.4", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "43F9DBB0-8AF7-42CA-95DD-68A344E9D549", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA39D4CE-22F0-46A2-B8CF-4599675E7D3A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDD00664-A27C-4514-A2A4-079E8F9B0251", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "E336C792-B7A1-4318-8050-DE9F03474CEF", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*", "matchCriteriaId": "7228AE50-BACB-4AB8-9CE5-17DB0CD661AF", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*", "matchCriteriaId": "D6D260FD-E55E-4A95-AB7F-B880DBE37BAD", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*", "matchCriteriaId": "E36D0159-1A05-4628-9C1C-360DED0F438C", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*", "matchCriteriaId": "3E6654B9-42EB-4C2C-8F71-710D50556180", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*", 
"matchCriteriaId": "1817C772-D367-4ABE-B835-466D31A6DC89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*", "matchCriteriaId": "C667B8E4-64EB-4A05-84FF-B2243DEF757D", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*", "matchCriteriaId": "9484B41A-DFB6-4481-80D8-440C711CEA53", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*", "matchCriteriaId": "53D373AF-DE6B-428E-9F0F-F1D220900A4D", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*", "matchCriteriaId": "F2975DF7-F916-456C-BF7C-2694559E5282", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*", "matchCriteriaId": "6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*", "matchCriteriaId": "784EB96E-2FD3-4F77-8DB6-4D6C7A928946", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "469EE3B0-3CC2-4AC2-86A0-2DF34205E707", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*", "matchCriteriaId": "FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*", "matchCriteriaId": "8EC547EB-9308-4477-8256-A0E04B42D6DA", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*", "matchCriteriaId": "6F55A024-9F8E-44F8-A0D8-696BC232524A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*", "matchCriteriaId": "84595143-3B04-4CE8-81C0-28EEEC58CD0E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*", "matchCriteriaId": 
"32EE2B49-DDEB-4B49-A5F0-CAA161095A5F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3ABFA33-8FA1-488E-A9BD-1593F495F595", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*", "matchCriteriaId": "62F6DE3A-E6CC-4D7E-BD08-E43DC4182200", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*", "matchCriteriaId": "A9A29C44-EBE5-42B0-AFAD-C5A8F6EEF2F8", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*", "matchCriteriaId": "96A43C95-8569-40BE-9E5B-F9B3D0B9D188", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*", "matchCriteriaId": "ABD70B2B-9827-4DBB-B82D-0B70C2D4AB1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*", "matchCriteriaId": "99662904-E5E3-4E81-B199-39707EAEB652", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE8A26D6-1BDA-45F0-8F7C-F95986050E32", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "61A3EDF2-09D7-4116-AE46-D86E4B9602AC", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*", "matchCriteriaId": "12A55028-B8F9-4AD2-AE57-A80D561F3C79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E641C-67D4-4599-8EFB-0B2F8D81D68C", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*", "matchCriteriaId": "70460F6C-D6C0-4C1A-B13E-368705EAF223", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"3F26BA18-08AD-45FE-9F83-25CCB2E27270", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*", "matchCriteriaId": "6EBFF148-3EDA-4216-910B-8930D8C443C2", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*", "matchCriteriaId": "648C63F7-EA1D-4F2E-B8AF-1F380C83E542", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*", "matchCriteriaId": "1697B855-4834-4633-A5C8-C1F7F13ACE0D", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*", "matchCriteriaId": "1FBAE75F-9145-4B9A-A6D8-E488C5326145", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*", "matchCriteriaId": "5990C6C2-2F66-4C4D-8224-74163865F410", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*", "matchCriteriaId": "3A45A9B9-4B19-4A5B-BC95-BCBC4EF00F12", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*", "matchCriteriaId": "C23AD176-3B99-4593-BCBD-13C1E579A13E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*", "matchCriteriaId": "034DFD7F-8919-4245-8480-7B272F591271", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*", "matchCriteriaId": "4CEBC606-6488-48CE-8AA8-5B8CC724D5D0", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.22:*:*:*:*:*:*:*", "matchCriteriaId": "A83C60AF-50A9-480E-860D-45E80AC0A6B7", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "44FDF616-E410-4540-B377-98D1FB88CE35", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "5313B736-9904-442A-84D6-8FC7B9AC2059", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*", "matchCriteriaId": 
"5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "13673DF5-09B1-40C8-AC54-A447DE8AB01E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "71295664-89EC-4BB3-9F86-B1DDA20FAC5A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26:*:*:*:*:*:*:*", "matchCriteriaId": "E45F4429-5A9C-4E8B-96EE-CCF19776CABF", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "1EFCAF09-BB20-424C-8648-014C0F71F8A9", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A74970C-5EEA-47A7-A62D-AF98F4D1228F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEA56669-B09E-42C2-9591-245C46909A2F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC4F5B5A-0545-4238-BF3A-F6458C977992", "versionEndIncluding": "2.6.26.4", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "43F9DBB0-8AF7-42CA-95DD-68A344E9D549", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*", "matchCriteriaId": "BA39D4CE-22F0-46A2-B8CF-4599675E7D3A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDD00664-A27C-4514-A2A4-079E8F9B0251", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"E336C792-B7A1-4318-8050-DE9F03474CEF", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*", "matchCriteriaId": "7228AE50-BACB-4AB8-9CE5-17DB0CD661AF", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*", "matchCriteriaId": "D6D260FD-E55E-4A95-AB7F-B880DBE37BAD", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*", "matchCriteriaId": "E36D0159-1A05-4628-9C1C-360DED0F438C", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*", "matchCriteriaId": "3E6654B9-42EB-4C2C-8F71-710D50556180", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*", "matchCriteriaId": "1817C772-D367-4ABE-B835-466D31A6DC89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*", "matchCriteriaId": "C667B8E4-64EB-4A05-84FF-B2243DEF757D", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*", "matchCriteriaId": "9484B41A-DFB6-4481-80D8-440C711CEA53", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*", "matchCriteriaId": "53D373AF-DE6B-428E-9F0F-F1D220900A4D", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*", "matchCriteriaId": "F2975DF7-F916-456C-BF7C-2694559E5282", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*", "matchCriteriaId": "6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*", "matchCriteriaId": "784EB96E-2FD3-4F77-8DB6-4D6C7A928946", 
"vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "469EE3B0-3CC2-4AC2-86A0-2DF34205E707", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*", "matchCriteriaId": "FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*", "matchCriteriaId": "8EC547EB-9308-4477-8256-A0E04B42D6DA", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*", "matchCriteriaId": "6F55A024-9F8E-44F8-A0D8-696BC232524A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*", "matchCriteriaId": "84595143-3B04-4CE8-81C0-28EEEC58CD0E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*", "matchCriteriaId": "32EE2B49-DDEB-4B49-A5F0-CAA161095A5F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3ABFA33-8FA1-488E-A9BD-1593F495F595", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*", "matchCriteriaId": "62F6DE3A-E6CC-4D7E-BD08-E43DC4182200", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*", "matchCriteriaId": "A9A29C44-EBE5-42B0-AFAD-C5A8F6EEF2F8", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*", "matchCriteriaId": "96A43C95-8569-40BE-9E5B-F9B3D0B9D188", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*", "matchCriteriaId": "ABD70B2B-9827-4DBB-B82D-0B70C2D4AB1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*", "matchCriteriaId": "99662904-E5E3-4E81-B199-39707EAEB652", "vulnerable": false }, { 
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE8A26D6-1BDA-45F0-8F7C-F95986050E32", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "61A3EDF2-09D7-4116-AE46-D86E4B9602AC", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*", "matchCriteriaId": "12A55028-B8F9-4AD2-AE57-A80D561F3C79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E641C-67D4-4599-8EFB-0B2F8D81D68C", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*", "matchCriteriaId": "70460F6C-D6C0-4C1A-B13E-368705EAF223", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*", "matchCriteriaId": "3F26BA18-08AD-45FE-9F83-25CCB2E27270", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*", "matchCriteriaId": "6EBFF148-3EDA-4216-910B-8930D8C443C2", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*", "matchCriteriaId": "648C63F7-EA1D-4F2E-B8AF-1F380C83E542", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*", "matchCriteriaId": "1697B855-4834-4633-A5C8-C1F7F13ACE0D", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*", "matchCriteriaId": "1FBAE75F-9145-4B9A-A6D8-E488C5326145", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*", "matchCriteriaId": "5990C6C2-2F66-4C4D-8224-74163865F410", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*", "matchCriteriaId": "3A45A9B9-4B19-4A5B-BC95-BCBC4EF00F12", "vulnerable": false }, { "criteria": 
"cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*", "matchCriteriaId": "C23AD176-3B99-4593-BCBD-13C1E579A13E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*", "matchCriteriaId": "034DFD7F-8919-4245-8480-7B272F591271", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*", "matchCriteriaId": "4CEBC606-6488-48CE-8AA8-5B8CC724D5D0", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.22:*:*:*:*:*:*:*", "matchCriteriaId": "A83C60AF-50A9-480E-860D-45E80AC0A6B7", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "44FDF616-E410-4540-B377-98D1FB88CE35", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "5313B736-9904-442A-84D6-8FC7B9AC2059", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.8:*:*:*:*:*:*:*", "matchCriteriaId": "CE87D1BC-A72D-42D2-A93C-67A5823BEB14", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*", "matchCriteriaId": "5AAC2E9D-0E82-4866-9046-ADD448418198", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.10:*:*:*:*:*:*:*", "matchCriteriaId": "760FB32D-9795-4B29-B79A-A32B5E70F7EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.11:*:*:*:*:*:*:*", "matchCriteriaId": "0DFF67E9-B0C2-48D5-BB3A-CF21D10010FF", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.12:*:*:*:*:*:*:*", "matchCriteriaId": "5881A78C-D162-4DE5-8353-2BB1EC1F428B", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.13:*:*:*:*:*:*:*", "matchCriteriaId": "B13D81D2-1A89-4E61-A90C-5E8BB880310B", "vulnerable": false }, { "criteria": 
"cpe:2.3:o:linux:linux_kernel:2.6.23.15:*:*:*:*:*:*:*", "matchCriteriaId": "80F9887E-2466-4C73-A8E1-2117492F9EC9", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.16:*:*:*:*:*:*:*", "matchCriteriaId": "8FDE5B27-2EF0-464E-8F14-5E809D84D389", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.17:*:*:*:*:*:*:*", "matchCriteriaId": "815B2EE8-136F-44E4-997D-5F93A54775DD", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "13673DF5-09B1-40C8-AC54-A447DE8AB01E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "71295664-89EC-4BB3-9F86-B1DDA20FAC5A", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "1EFCAF09-BB20-424C-8648-014C0F71F8A9", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A74970C-5EEA-47A7-A62D-AF98F4D1228F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEA56669-B09E-42C2-9591-245C46909A2F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function." }, { "lang": "es", "value": "Cierto parche de Fedora en el subsistema utrace de Linux Kernel versiones anteriores a v2.6.26.5-28 de Fedora 8, y versiones anteriores a v2.6.26.5-45 de Fedora 9, permite a usuarios locales provocar una denegaci\u00f3n de servicio (puntero de referencia NULL y ca\u00edda o cuelgue del sistema) a trav\u00e9s de la llamada a la funci\u00f3n utrace_control." 
} ], "id": "CVE-2008-3832", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-03T17:41:40.367", "references": [ { "source": "secalert@redhat.com", "url": "http://kerneloops.org/oops.php?number=56705" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/02/1" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/31536" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464883" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kerneloops.org/oops.php?number=56705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. 
This issue did not affect the version of utrace as shipped with the Red Hat Enterprise Linux 5 kernel.", "lastModified": "2017-08-07T21:32:11.843", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-0073)
Published
2008-03-24 22:44
Modified
2025-04-09 00:30
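Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, user interaction required, source nvd@nist.gov)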
Summary
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
References
▶ | URL | Tags | |
---|---|---|---|
PSIRT-CNA@flexerasoftware.com | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html | ||
PSIRT-CNA@flexerasoftware.com | http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/28694 | Vendor Advisory | |
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29392 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29472 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29503 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29578 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29601 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29740 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29766 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/29800 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/30581 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/31372 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/31393 | ||
PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2008-10/ | Vendor Advisory | |
PSIRT-CNA@flexerasoftware.com | http://security.gentoo.org/glsa/glsa-200804-25.xml | ||
PSIRT-CNA@flexerasoftware.com | http://security.gentoo.org/glsa/glsa-200808-01.xml | ||
PSIRT-CNA@flexerasoftware.com | http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655 | Patch | |
PSIRT-CNA@flexerasoftware.com | http://wiki.videolan.org/Changelog/0.8.6f | ||
PSIRT-CNA@flexerasoftware.com | http://www.debian.org/security/2008/dsa-1536 | ||
PSIRT-CNA@flexerasoftware.com | http://www.debian.org/security/2008/dsa-1543 | ||
PSIRT-CNA@flexerasoftware.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 | ||
PSIRT-CNA@flexerasoftware.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:219 | ||
PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/28312 | ||
PSIRT-CNA@flexerasoftware.com | http://www.securitytracker.com/id?1019682 | ||
PSIRT-CNA@flexerasoftware.com | http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408 | ||
PSIRT-CNA@flexerasoftware.com | http://www.ubuntu.com/usn/usn-635-1 | ||
PSIRT-CNA@flexerasoftware.com | http://www.videolan.org/security/sa0803.php | ||
PSIRT-CNA@flexerasoftware.com | http://www.vupen.com/english/advisories/2008/0923 | ||
PSIRT-CNA@flexerasoftware.com | http://www.vupen.com/english/advisories/2008/0985 | ||
PSIRT-CNA@flexerasoftware.com | http://xinehq.de/index.php/news | Patch | |
PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/41339 | ||
PSIRT-CNA@flexerasoftware.com | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html | ||
PSIRT-CNA@flexerasoftware.com | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28694 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29392 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29472 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29503 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29578 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29601 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29740 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29766 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29800 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30581 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31372 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31393 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2008-10/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200804-25.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200808-01.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.videolan.org/Changelog/0.8.6f | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1536 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1543 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:219 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28312 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019682 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-635-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.videolan.org/security/sa0803.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0923 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0985 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://xinehq.de/index.php/news | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41339 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter." }, { "lang": "es", "value": "Error de \u00edndice de array en la funci\u00f3n sdpplin_parse de input/libreal/sdpplin.c en xine-lib 1.1.10.1 permite a servidores RTSP remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro streamid SDP grande." } ], "id": "CVE-2008-0073", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-24T22:44:00.000", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/28694" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29392" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29472" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29503" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29578" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29601" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29740" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29766" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29800" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/30581" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/31372" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/31393" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/28312" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id?1019682" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch" ], "url": "http://xinehq.de/index.php/news" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29392" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://xinehq.de/index.php/news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-24 17:44
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:P/I:N/A:N, from the NVD record below)
Summary
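ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. The CPE configuration in the record below marks only ViewVC 1.0.2 and 1.0.3 as vulnerable, so inventory matching by CPE alone will not flag other releases before 1.0.5.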
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | ||
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=212288 | ||
cve@mitre.org | http://secunia.com/advisories/29176 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29460 | Vendor Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200803-29.xml | ||
cve@mitre.org | http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD | ||
cve@mitre.org | http://www.securityfocus.com/bid/28055 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0734/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=212288 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29176 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29460 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200803-29.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28055 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0734/references |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "793F6DB3-A6C2-4813-BD2D-AF34D85F6CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B6F2BC5-D099-427C-9513-75551ABF1997", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ViewVC before 1.0.5 includes \"all-forbidden\" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information." }, { "lang": "es", "value": "ViewVC antes de 1.0.5 incluye archivos \"all-forbidden\" (todo prohibido) dentro de resultados de b\u00fasqueda que listan asignaciones CVS o Subversion (SVN), lo que permite a atacantes remotos obtener informaci\u00f3n sensible." 
} ], "id": "CVE-2008-1290", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-03-24T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29176" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29460" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "source": "cve@mitre.org", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28055" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29460" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0734/references" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-27 22:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, from the NVD record below)
Summary
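ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. Mode 0600 gives the owning account both read and write access, so any script the web server runs as apache can rewrite the configuration file; a service account generally needs only read access to its own configuration.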
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=476529 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/50324 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=476529 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50324 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoneminder | zoneminder | 1.23.3 | |
redhat | fedora | 10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zoneminder:zoneminder:1.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "07DFFF95-A7C4-4C99-A9FE-640AD078B872", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "BA70E035-8475-4046-ABD7-5AE59F874EBA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script." }, { "lang": "es", "value": "ZoneMinder v1.23.3 en Fedora 10 establece la propiedad de /etc/zm.conf a la cuenta de usuario de apache, y establece los permisos a 0600, lo cual facilita a los atacantes remotos la modificaci\u00f3n de este archivo para acceder a \u00e9l a trav\u00e9s de un archivo de secuencias de comandos PHP (1) o CGI (2)." 
} ], "id": "CVE-2008-6755", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-27T22:30:00.217", "references": [ { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476529" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50324" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-21 17:41
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, from the NVD record below)
Summary
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/31080 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/31307 | ||
cve@mitre.org | http://www.debian.org/security/2008/dsa-1622 | ||
cve@mitre.org | http://www.securityfocus.com/bid/30231 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=454483 | Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/43844 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31080 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31307 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1622 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30231 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=454483 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/43844 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:fedora:newsx:1.6:8.fc8:*:*:*:*:*:*", "matchCriteriaId": "AAFFE142-DC63-4F3B-90B6-F48F150714FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:fedora:newsx:1.6:9.fc9:*:*:*:*:*:*", "matchCriteriaId": "B2890FFB-A98E-477C-8780-E93379756BB6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n read_article en getarticle.c en newsx 1.6, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un art\u00edculo de noticias que contiene un gran n\u00famero de l\u00edneas que empiezan con un per\u00edodo." 
} ], "id": "CVE-2008-3252", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-07-21T17:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31080" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31307" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1622" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30231" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454483" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43844" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30231" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-15 17:05
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.9, vector AV:L/AC:L/Au:N/C:N/I:N/A:C, from the NVD record below)
Summary
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/29956 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200804-29.xml | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41854 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29956 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200804-29.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41854 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:comix:comix:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "170E6C1D-73AC-4EA4-AA6B-2542090630E7", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service." }, { "lang": "es", "value": "Comix 3.6.4 crea directorios temporales con nombres previsibles, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio no especificada." } ], "id": "CVE-2008-1796", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-15T17:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29956" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41854" }, { "source": "cve@mitre.org", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html | ||
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2008-0616.html | ||
secalert@redhat.com | http://secunia.com/advisories/30878 | ||
secalert@redhat.com | http://secunia.com/advisories/30898 | ||
secalert@redhat.com | http://secunia.com/advisories/30903 | ||
secalert@redhat.com | http://secunia.com/advisories/30911 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/30949 | ||
secalert@redhat.com | http://secunia.com/advisories/31005 | ||
secalert@redhat.com | http://secunia.com/advisories/31008 | ||
secalert@redhat.com | http://secunia.com/advisories/31021 | ||
secalert@redhat.com | http://secunia.com/advisories/31023 | ||
secalert@redhat.com | http://secunia.com/advisories/31069 | ||
secalert@redhat.com | http://secunia.com/advisories/31076 | ||
secalert@redhat.com | http://secunia.com/advisories/31183 | ||
secalert@redhat.com | http://secunia.com/advisories/31195 | ||
secalert@redhat.com | http://secunia.com/advisories/31377 | ||
secalert@redhat.com | http://secunia.com/advisories/33433 | ||
secalert@redhat.com | http://secunia.com/advisories/34501 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200808-03.xml | ||
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 | ||
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 | ||
secalert@redhat.com | http://wiki.rpath.com/Advisories:rPSA-2008-0216 | ||
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1607 | ||
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1615 | ||
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1697 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 | ||
secalert@redhat.com | http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | ||
secalert@redhat.com | http://www.mozilla.org/security/announce/2008/mfsa2008-30.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0547.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0549.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0569.html | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/494080/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/30038 | ||
secalert@redhat.com | http://www.securitytracker.com/id?1020419 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/usn-619-1 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1993/references | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0977 | ||
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=411433 | ||
secalert@redhat.com | https://issues.rpath.com/browse/RPL-2646 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2008-0616.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30878 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30898 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30903 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30911 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30949 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31005 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31008 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31021 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31023 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31069 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31076 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31183 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31195 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31377 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33433 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34501 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200808-03.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2008-0216 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1607 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1615 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1697 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2008/mfsa2008-30.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0547.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0549.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0569.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/494080/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30038 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020419 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-619-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1993/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0977 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=411433 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2646 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html |
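Impacted products
Note: this table flattens the CPE configuration in the record below. There, the redhat and ubuntu entries carry "vulnerable": false and are combined (operator AND) with the mozilla entries, which carry "vulnerable": true, so the operating-system rows appear to describe the platforms the affected software runs on rather than vulnerable components in their own right. Rows that look repeated (for example ubuntu_linux 6.06 or firefox 2.0) differ only in CPE fields the table does not show, such as lts_amd64 or rc2.
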
Vendor | Product | Version | |
---|---|---|---|
redhat | advanced_workstation_for_the_itanium_processor | 2.1 | |
redhat | desktop | 3.0 | |
redhat | desktop | 4.0 | |
redhat | enterprise_linux | 5_server | |
redhat | enterprise_linux | as_2.1 | |
redhat | enterprise_linux | as_3 | |
redhat | enterprise_linux | as_4 | |
redhat | enterprise_linux | es_2.1 | |
redhat | enterprise_linux | es_3 | |
redhat | enterprise_linux | es_4 | |
redhat | enterprise_linux | ws_2.1 | |
redhat | enterprise_linux | ws_3 | |
redhat | enterprise_linux | ws_4 | |
redhat | enterprise_linux_desktop | 5_client | |
redhat | enterprise_linux_desktop_workstation | 5_client | |
redhat | fedora | 8 | |
ubuntu | ubuntu_linux | 6.06 | |
ubuntu | ubuntu_linux | 6.06 | |
ubuntu | ubuntu_linux | 6.06 | |
ubuntu | ubuntu_linux | 6.06 | |
ubuntu | ubuntu_linux | 7.04 | |
ubuntu | ubuntu_linux | 7.04 | |
ubuntu | ubuntu_linux | 7.04 | |
ubuntu | ubuntu_linux | 7.04 | |
ubuntu | ubuntu_linux | 7.10 | |
ubuntu | ubuntu_linux | 7.10 | |
ubuntu | ubuntu_linux | 7.10 | |
ubuntu | ubuntu_linux | 7.10 | |
ubuntu | ubuntu_linux | 7.10 | |
mozilla | firefox | 2.0 | |
mozilla | firefox | 2.0 | |
mozilla | firefox | 2.0 | |
mozilla | firefox | 2.0 | |
mozilla | firefox | 2.0.0.2 | |
mozilla | firefox | 2.0.0.3 | |
mozilla | firefox | 2.0.0.11 | |
mozilla | firefox | 2.0.0.12 | |
mozilla | firefox | 2.0.0.13 | |
mozilla | firefox | 2.0.0.14 | |
mozilla | firefox | 2.0_.1 | |
mozilla | firefox | 2.0_.4 | |
mozilla | firefox | 2.0_.5 | |
mozilla | firefox | 2.0_.6 | |
mozilla | firefox | 2.0_.9 | |
mozilla | firefox | 2.0_.10 | |
mozilla | firefox | 2.0_8 | |
mozilla | seamonkey | 1.1 | |
mozilla | seamonkey | 1.1.1 | |
mozilla | seamonkey | 1.1.2 | |
mozilla | seamonkey | 1.1.3 | |
mozilla | seamonkey | 1.1.4 | |
mozilla | seamonkey | 1.1.5 | |
mozilla | seamonkey | 1.1.6 | |
mozilla | seamonkey | 1.1.7 | |
mozilla | seamonkey | 1.1.8 | |
mozilla | seamonkey | 1.1.9 | |
mozilla | thunderbird | 2.0_.4 | |
mozilla | thunderbird | 2.0_.5 | |
mozilla | thunderbird | 2.0_.6 | |
mozilla | thunderbird | 2.0_.9 | |
mozilla | thunderbird | 2.0_.12 | |
mozilla | thunderbird | 2.0_.13 | |
mozilla | thunderbird | 2.0_.14 | |
mozilla | thunderbird | 2.0_8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:advanced_workstation_for_the_itanium_processor:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D34CFC7-5112-45FA-A550-07C1174819CE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C8CB34E-02FE-4F90-9642-B56D3B3ACEF6", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AB2579A-2BC9-4E16-9641-248222301660", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5_server:*:*:*:*:*:*:*", "matchCriteriaId": "4089D3E3-C845-46F4-B4FC-8556D025704E", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:as_2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF3EAB41-5B36-4D27-B319-17687D89868E", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:as_3:*:*:*:*:*:*:*", "matchCriteriaId": "421C0021-66EB-4F4C-9D79-6366A4702CC9", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:as_4:*:*:*:*:*:*:*", "matchCriteriaId": "F23BD8DF-6E8E-4DF2-A700-8E050D967547", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:es_2.1:*:*:*:*:*:*:*", "matchCriteriaId": "627D828A-A35B-4072-AFBA-1D26C68506F6", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:es_3:*:*:*:*:*:*:*", "matchCriteriaId": "5B0FE33D-756C-449F-B54C-8677C9AD002D", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:es_4:*:*:*:*:*:*:*", "matchCriteriaId": "6BF1F027-C9FF-4583-AB40-E0B757F9EE41", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DB10F52-FF81-4297-A4D3-D3298273D894", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_3:*:*:*:*:*:*:*", "matchCriteriaId": "6EA8914F-DB6D-4C21-A727-8B94BE0424BF", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B18EBE6E-482D-435D-851C-73EC301F0A26", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5_client:*:*:*:*:*:*:*", "matchCriteriaId": "7C1E0CDD-78D0-4156-8572-6D430EF5499E", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_workstation:5_client:*:*:*:*:*:*:*", "matchCriteriaId": "043A85D0-7F3E-4EC9-9065-3F996B9A0A94", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_amd64:*:*:*:*:*", "matchCriteriaId": "3107F20F-386F-4BF0-814F-4D7CAF0A2CBA", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_i386:*:*:*:*:*", "matchCriteriaId": "C027333C-8364-407A-B6D6-7B328C384632", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_powerpc:*:*:*:*:*", "matchCriteriaId": "B608D1D1-F05D-4F1B-BDED-A47EEC0E37FE", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_sparc:*:*:*:*:*", "matchCriteriaId": "64E79B04-2A84-4A5D-90F3-D4F02FDBA09D", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:amd64:*:*:*:*:*", "matchCriteriaId": "7BD79C43-2615-47DE-A100-D21482D866F4", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:i386:*:*:*:*:*", "matchCriteriaId": "1856594D-7D84-4830-A8A7-2C9D4C2D61FD", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:powerpc:*:*:*:*:*", "matchCriteriaId": "0B20DDF0-2FAB-4EB0-B62D-2351514B2808", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:sparc:*:*:*:*:*", "matchCriteriaId": "B7748895-CE00-4BB8-BFCD-A5559BA15869", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "FB928CC9-0BC3-4AE1-B20B-A58A4C4AAE24", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*", 
"matchCriteriaId": "BB850565-A800-44A6-945E-CB235531C5DD", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:lpia:*:*:*:*:*", "matchCriteriaId": "A1BB8BDA-3F7A-408F-97FC-CBE422A09CCA", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "3F37A796-E028-4247-A5E6-66B89A583F87", "vulnerable": false }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "61DA44B7-FE1A-4452-843E-EAF1404B86F3", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "F61EA4A1-1916-48A5-8196-E3CDEF3108F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F5AA254D-D41E-464F-9E2A-A950F08C6946", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B05D2655-6641-42BE-9793-30005AC9D40D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": 
"863C140E-DC15-4A88-AB8A-8AEF9F4B8164", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*", "matchCriteriaId": "23D609B2-F66C-40F1-B7D9-965189F875A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*", "matchCriteriaId": "327D8879-0B61-4681-886D-C53BE251E0ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*", "matchCriteriaId": "59017F18-6C4E-4803-8A65-DB2A849C3197", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF006282-943B-4885-B523-6E575D664059", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*", "matchCriteriaId": "5CC11707-DF87-4046-964D-40CF22385A48", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*", "matchCriteriaId": "F73F1171-E34D-4AC0-BF8B-3DB38AA13EF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*", "matchCriteriaId": "0422C796-ECC4-42C1-9580-1CE22A096244", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "D58B704B-F06E-44C1-BBD1-A090D1E6583A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "40270FBD-744A-49D9-9FFA-1DCD897210D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "20E01097-F60A-4FB2-BA47-84A267EE87D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F65732F-317B-49A2-B9B0-FA1102B8B45C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB430F19-069A-43FD-9097-586D4449D327", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1E6D7528-E591-48A6-8165-BE42F8EBF6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "BA710423-0075-44B8-9DCB-6380FA974486", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "C5521DA3-E6AF-4350-B971-10B4A1C9B1D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DDD15752-A253-47B1-BCE0-B55B84B47C9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.4:*:*:*:*:*:*:*", "matchCriteriaId": "63AF48A9-C161-4603-82F0-5D2DE1EBA498", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.5:*:*:*:*:*:*:*", "matchCriteriaId": "821E46E8-B084-4762-86F0-002CA288B522", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.6:*:*:*:*:*:*:*", "matchCriteriaId": "A084C258-7D78-4F6D-8E24-00BE9608EBFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.9:*:*:*:*:*:*:*", "matchCriteriaId": "893FD2C8-C8EF-4ED3-9B7C-82D8DA9A1C38", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.12:*:*:*:*:*:*:*", "matchCriteriaId": "F9FEA455-E605-4CE3-A951-760D59091C56", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1758117-4865-42A4-8110-2250924E21FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.14:*:*:*:*:*:*:*", "matchCriteriaId": "81AF4BFB-EC89-454B-89DF-FC8F6102E28C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_8:*:*:*:*:*:*:*", "matchCriteriaId": "8013986B-DCAF-44A1-BA63-5BBA6762720F", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in 
directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename." }, { "lang": "es", "value": "Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o tener otros impactos no especificados mediante un nombre de archivo modificado." } ], "id": "CVE-2008-2808", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-07-07T23:41:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30878" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30898" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30903" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30911" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30949" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31005" }, { "source": "secalert@redhat.com", 
"url": "http://secunia.com/advisories/31008" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31021" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31023" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31069" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31076" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31183" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31195" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31377" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33433" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34501" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1607" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1615" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1697" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" }, { "source": "secalert@redhat.com", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "source": "secalert@redhat.com", "url": 
"http://www.mozilla.org/security/announce/2008/mfsa2008-30.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30038" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020419" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2646" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/30878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-30.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vupen.com/english/advisories/2008/1993/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-1573
Vulnerability from fkie_nvd
Published
2009-05-06 17:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.6, vector AV:L/AC:L/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 | Exploit, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/39834 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/05/05/2 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/05/05/4 | ||
cve@mitre.org | http://www.securityfocus.com/bid/34828 | ||
cve@mitre.org | http://www.ubuntu.com/usn/USN-939-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1185 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/50348 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39834 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/05/05/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/05/05/4 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34828 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-939-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1185 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50348 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | * | |
redhat | fedora | 10 | |
ubuntu | linux | * | |
branden_robinson | xvfb-run | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "BA70E035-8475-4046-ABD7-5AE59F874EBA", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "84BB6CD8-43ED-4998-8D68-6934B93EA833", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E4D5938-DC01-4CA6-A493-A34FB2EEEA14", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments." }, { "lang": "es", "value": "xvfb-run v1.6.1 en Debian GNU/Linux, Ubuntu, Fedora 10 y posiblemente otros sistemas operativos, ubican la magic cookie (MCOOKIE) en la l\u00ednea de comandos, lo que permite a usuarios locales obtener privilegios listando los procesos y sus argumentos." 
} ], "id": "CVE-2009-1573", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-05-06T17:30:09.797", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39834" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34828" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-939-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1185" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-939-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-09 21:29
Modified
2024-11-21 03:57
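Severity
MEDIUM per NVD (nvd@nist.gov, Primary): CVSS v3.0 base score 5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H); CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)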
Summary
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/105956 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/mdadams/jasper/issues/188 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105956 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mdadams/jasper/issues/188 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jasper_project | jasper | 2.0.14 | |
redhat | fedora | - | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper_project:jasper:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "9EB314A7-DB3A-487E-8B8D-466B20DFB92F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD318004-D3D4-41BA-B645-DBF86D4A9DBB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c." }, { "lang": "es", "value": "Se ha detectado un problema en JasPer 2.0.14. Hay una fuga de memoria en jas_malloc.c cuando se le llama desde jpc_unk_getparms en jpc_cs.c." 
} ], "id": "CVE-2018-19139", "lastModified": "2024-11-21T03:57:24.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T21:29:00.340", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105956" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/mdadams/jasper/issues/188" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/mdadams/jasper/issues/188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-01-20 16:30
Modified
2025-04-09 00:30
Severity
HIGH per NVD (nvd@nist.gov, Primary): CVSS v2 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/33545 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/33294 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=477864 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/48058 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33545 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33294 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=477864 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/48058 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nfs | nfs-utils | * | |
nfs | nfs-utils | 0.2 | |
nfs | nfs-utils | 0.2.1 | |
nfs | nfs-utils | 0.3.1 | |
nfs | nfs-utils | 0.3.3 | |
nfs | nfs-utils | 1.0 | |
nfs | nfs-utils | 1.0.1 | |
nfs | nfs-utils | 1.0.2 | |
nfs | nfs-utils | 1.0.3 | |
nfs | nfs-utils | 1.0.4 | |
nfs | nfs-utils | 1.0.6 | |
nfs | nfs-utils | 1.0.7 | |
nfs | nfs-utils | 1.0.7 | |
nfs | nfs-utils | 1.0.7 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.9 | |
nfs | nfs-utils | 1.0.10 | |
nfs | nfs-utils | 1.0.11 | |
nfs | nfs-utils | 1.0.12 | |
nfs | nfs-utils | 1.1.0 | |
nfs | nfs-utils | 1.1.0 | |
nfs | nfs-utils | 1.1.1 | |
redhat | fedora | 9 | |
nfs | nfs-utils | * | |
nfs | nfs-utils | 0.2 | |
nfs | nfs-utils | 0.2.1 | |
nfs | nfs-utils | 0.3.1 | |
nfs | nfs-utils | 0.3.3 | |
nfs | nfs-utils | 1.0 | |
nfs | nfs-utils | 1.0.1 | |
nfs | nfs-utils | 1.0.2 | |
nfs | nfs-utils | 1.0.3 | |
nfs | nfs-utils | 1.0.4 | |
nfs | nfs-utils | 1.0.6 | |
nfs | nfs-utils | 1.0.7 | |
nfs | nfs-utils | 1.0.7 | |
nfs | nfs-utils | 1.0.7 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.8 | |
nfs | nfs-utils | 1.0.9 | |
nfs | nfs-utils | 1.0.10 | |
nfs | nfs-utils | 1.0.11 | |
nfs | nfs-utils | 1.0.12 | |
nfs | nfs-utils | 1.1.0 | |
nfs | nfs-utils | 1.1.0 | |
nfs | nfs-utils | 1.1.1 | |
nfs | nfs-utils | 1.1.2 | |
nfs | nfs-utils | 1.1.3 | |
redhat | fedora | 10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nfs:nfs-utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "45AEA724-343E-4806-ACCE-2AA5F8F8BAAA", "versionEndIncluding": "1.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "025FEFFD-12DD-4D29-A0FA-93DF96AFCFF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "474B82D5-5D48-41ED-B2C1-68907A27491F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "69A6C9CB-446C-4ACF-B2CA-41A1BD5F229A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E68D7A7-DCEA-417D-AA56-D7B2EB410CDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "813B76CA-5083-4697-A484-435113B7FF88", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0964EDA2-D86C-4189-9B03-61A292601649", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F83865C7-D7A1-4357-8C15-9865BDECD98C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EFD8CFB-A24A-49F0-856C-4B985E203C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D4645DF7-A5C2-4E8D-A07F-22F77670D68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8616115-30AC-4160-B196-D417AF32C7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1234E468-8DC6-4474-8B3D-DB550AA801B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-1:*:*:*:*:*:*", "matchCriteriaId": "58FA0EE6-7DBD-4105-B70A-1E04E0CC4FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-2:*:*:*:*:*:*", 
"matchCriteriaId": "63515439-6FCC-43D7-B8DD-D14DD4D7878E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "38E96A1E-5A28-4177-A26F-F19573A17775", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-1:*:*:*:*:*:*", "matchCriteriaId": "8A54F7D1-A1CD-4804-B962-BC536602F6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-2:*:*:*:*:*:*", "matchCriteriaId": "2D1E56AB-B263-42AF-9034-D20AD604E50D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-3:*:*:*:*:*:*", "matchCriteriaId": "0D76C312-3E5D-4176-8691-DD8C21C6A5E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-4:*:*:*:*:*:*", "matchCriteriaId": "D39D0EDE-8D14-42F7-BAEF-A64D559DE495", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "9BDF2DB8-0570-43C1-9206-14CDD027EBFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D18EC9F4-50E7-4974-906E-09533BC7722C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "3A4A1D1B-639F-467E-BE62-1BDDDCC9671A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "8A54C8D7-D142-4DB5-8453-57E8612BFFC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4CED17F-B9CE-46D2-8F00-8419451E51FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.0:rc-1:*:*:*:*:*:*", "matchCriteriaId": "D0571302-7EC5-41D3-BBAE-821657A56BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E6F15C5-4D7E-499C-84F3-777F8C4C0B49", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": false } ], 
"negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nfs:nfs-utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D7165E8-FC10-4A4F-9B58-49CA830D2DA8", "versionEndIncluding": "1.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "025FEFFD-12DD-4D29-A0FA-93DF96AFCFF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "474B82D5-5D48-41ED-B2C1-68907A27491F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "69A6C9CB-446C-4ACF-B2CA-41A1BD5F229A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E68D7A7-DCEA-417D-AA56-D7B2EB410CDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "813B76CA-5083-4697-A484-435113B7FF88", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0964EDA2-D86C-4189-9B03-61A292601649", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F83865C7-D7A1-4357-8C15-9865BDECD98C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EFD8CFB-A24A-49F0-856C-4B985E203C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D4645DF7-A5C2-4E8D-A07F-22F77670D68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8616115-30AC-4160-B196-D417AF32C7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1234E468-8DC6-4474-8B3D-DB550AA801B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-1:*:*:*:*:*:*", "matchCriteriaId": "58FA0EE6-7DBD-4105-B70A-1E04E0CC4FEE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-2:*:*:*:*:*:*", "matchCriteriaId": "63515439-6FCC-43D7-B8DD-D14DD4D7878E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "38E96A1E-5A28-4177-A26F-F19573A17775", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-1:*:*:*:*:*:*", "matchCriteriaId": "8A54F7D1-A1CD-4804-B962-BC536602F6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-2:*:*:*:*:*:*", "matchCriteriaId": "2D1E56AB-B263-42AF-9034-D20AD604E50D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-3:*:*:*:*:*:*", "matchCriteriaId": "0D76C312-3E5D-4176-8691-DD8C21C6A5E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-4:*:*:*:*:*:*", "matchCriteriaId": "D39D0EDE-8D14-42F7-BAEF-A64D559DE495", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "9BDF2DB8-0570-43C1-9206-14CDD027EBFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "D18EC9F4-50E7-4974-906E-09533BC7722C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "3A4A1D1B-639F-467E-BE62-1BDDDCC9671A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "8A54C8D7-D142-4DB5-8453-57E8612BFFC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4CED17F-B9CE-46D2-8F00-8419451E51FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.0:rc-1:*:*:*:*:*:*", "matchCriteriaId": "D0571302-7EC5-41D3-BBAE-821657A56BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E6F15C5-4D7E-499C-84F3-777F8C4C0B49", "vulnerable": true }, { "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F202B0A0-9EDE-4311-88E5-DC4411034457", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F632663-FAAF-4780-9225-DEF175B803FB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "BA70E035-8475-4046-ABD7-5AE59F874EBA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376." }, { "lang": "es", "value": "Algunos Fedora crean secuencias de comando para nfs-utils anteriores a v1.1.2-9.fc9 en Fedora 9, y anteriores a v1.1.4-6.fc10 en Fedora 10, no da soporte a TCP Wrapper, lo que podr\u00eda permitir a atacantes remotos evitar \r\nlas restricciones de acceso previstas, posiblemente est\u00e9 relacionado con el caso CVE-2008-1376." 
} ], "id": "CVE-2009-0180", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-20T16:30:00.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33545" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33294" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477864" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48058" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-25 21:44
Modified
2025-04-09 00:30
Severity
HIGH per NVD (nvd@nist.gov, Primary): CVSS v2 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 | ||
cve@mitre.org | http://secunia.com/advisories/25400 | ||
cve@mitre.org | http://secunia.com/advisories/29012 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29115 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29181 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200803-06.xml | ||
cve@mitre.org | http://www.debian.org/security/2008/dsa-1508 | ||
cve@mitre.org | http://www.securityfocus.com/bid/27874 | ||
cve@mitre.org | http://www.securityfocus.com/bid/27987 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0670/references | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=433723 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25400 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29012 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29115 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29181 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200803-06.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1508 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27874 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27987 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0670/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=433723 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
redhat | fedora | 7 | |
redhat | fedora | 8 | |
the_sword_project | diatheke_front_end | * | |
the_sword_project | sword | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*", "matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*", "matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*", "matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*", "matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*", "matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*", "matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*", "matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*", "matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*", "matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5", "vulnerable": 
false }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:r1:*:*:*:*:*:*", "matchCriteriaId": "E3047C7D-E114-4CF2-A42E-A660C8DB22AA", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*", "matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*", "matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*", "matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC", "vulnerable": false }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*", "matchCriteriaId": "EFB8DE9F-2130-49E9-85EE-6793ED9FBEED", "vulnerable": false }, { "criteria": 
"cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:the_sword_project:diatheke_front_end:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE74DCC9-9A81-48D6-A0AC-72DDD360F5B4", "versionEndIncluding": "1.5.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:the_sword_project:sword:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8909D-8B4C-4075-9788-71E5FB1F8970", "versionEndIncluding": "1.5.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter." }, { "lang": "es", "value": "El archivo diatheke.pl en SWORD Project Diatheke versi\u00f3n 1.5.9 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el par\u00e1metro range." 
} ], "id": "CVE-2008-0932", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-25T21:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25400" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29012" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29115" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29181" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200803-06.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1508" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27874" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27987" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0670/references" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=433723" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0670/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=433723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-01-20 19:00
Modified
2025-04-11 00:51
Summary
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html | ||
secalert@redhat.com | http://secunia.com/advisories/42968 | Vendor Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:018 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0195 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0199 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=668843 | Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/64965 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42968 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:018 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0195 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0199 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=668843 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64965 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
todd_miller | sudo | * | |
todd_miller | sudo | 1.3.1 | |
todd_miller | sudo | 1.5 | |
todd_miller | sudo | 1.5.2 | |
todd_miller | sudo | 1.5.3 | |
todd_miller | sudo | 1.5.6 | |
todd_miller | sudo | 1.5.7 | |
todd_miller | sudo | 1.5.8 | |
todd_miller | sudo | 1.5.9 | |
todd_miller | sudo | 1.6 | |
todd_miller | sudo | 1.6.1 | |
todd_miller | sudo | 1.6.2 | |
todd_miller | sudo | 1.6.2p1 | |
todd_miller | sudo | 1.6.2p2 | |
todd_miller | sudo | 1.6.2p3 | |
todd_miller | sudo | 1.6.3 | |
todd_miller | sudo | 1.6.3_p1 | |
todd_miller | sudo | 1.6.3_p2 | |
todd_miller | sudo | 1.6.3_p3 | |
todd_miller | sudo | 1.6.3_p4 | |
todd_miller | sudo | 1.6.3_p5 | |
todd_miller | sudo | 1.6.3_p6 | |
todd_miller | sudo | 1.6.3_p7 | |
todd_miller | sudo | 1.6.3p1 | |
todd_miller | sudo | 1.6.3p2 | |
todd_miller | sudo | 1.6.3p3 | |
todd_miller | sudo | 1.6.3p4 | |
todd_miller | sudo | 1.6.3p5 | |
todd_miller | sudo | 1.6.3p6 | |
todd_miller | sudo | 1.6.3p7 | |
todd_miller | sudo | 1.6.4 | |
todd_miller | sudo | 1.6.4_p1 | |
todd_miller | sudo | 1.6.4_p2 | |
todd_miller | sudo | 1.6.4p1 | |
todd_miller | sudo | 1.6.4p2 | |
todd_miller | sudo | 1.6.5 | |
todd_miller | sudo | 1.6.5_p1 | |
todd_miller | sudo | 1.6.5_p2 | |
todd_miller | sudo | 1.6.5p1 | |
todd_miller | sudo | 1.6.5p2 | |
todd_miller | sudo | 1.6.6 | |
todd_miller | sudo | 1.6.7 | |
todd_miller | sudo | 1.6.7_p5 | |
todd_miller | sudo | 1.6.7p1 | |
todd_miller | sudo | 1.6.7p2 | |
todd_miller | sudo | 1.6.7p3 | |
todd_miller | sudo | 1.6.7p4 | |
todd_miller | sudo | 1.6.7p5 | |
todd_miller | sudo | 1.6.8 | |
todd_miller | sudo | 1.6.8_p1 | |
todd_miller | sudo | 1.6.8_p2 | |
todd_miller | sudo | 1.6.8_p5 | |
todd_miller | sudo | 1.6.8_p7 | |
todd_miller | sudo | 1.6.8_p8 | |
todd_miller | sudo | 1.6.8_p9 | |
todd_miller | sudo | 1.6.8_p12 | |
todd_miller | sudo | 1.6.8p1 | |
todd_miller | sudo | 1.6.8p2 | |
todd_miller | sudo | 1.6.8p3 | |
todd_miller | sudo | 1.6.8p4 | |
todd_miller | sudo | 1.6.8p5 | |
todd_miller | sudo | 1.6.8p6 | |
todd_miller | sudo | 1.6.8p7 | |
todd_miller | sudo | 1.6.8p8 | |
todd_miller | sudo | 1.6.8p9 | |
todd_miller | sudo | 1.6.8p10 | |
todd_miller | sudo | 1.6.8p11 | |
todd_miller | sudo | 1.6.8p12 | |
todd_miller | sudo | 1.6.9 | |
todd_miller | sudo | 1.6.9_p17 | |
todd_miller | sudo | 1.6.9_p18 | |
todd_miller | sudo | 1.6.9_p19 | |
todd_miller | sudo | 1.6.9_p20 | |
todd_miller | sudo | 1.6.9_p21 | |
todd_miller | sudo | 1.6.9_p22 | |
todd_miller | sudo | 1.6.9p1 | |
todd_miller | sudo | 1.6.9p2 | |
todd_miller | sudo | 1.6.9p3 | |
todd_miller | sudo | 1.6.9p4 | |
todd_miller | sudo | 1.6.9p5 | |
todd_miller | sudo | 1.6.9p6 | |
todd_miller | sudo | 1.6.9p7 | |
todd_miller | sudo | 1.6.9p8 | |
todd_miller | sudo | 1.6.9p9 | |
todd_miller | sudo | 1.6.9p10 | |
todd_miller | sudo | 1.6.9p11 | |
todd_miller | sudo | 1.6.9p12 | |
todd_miller | sudo | 1.6.9p13 | |
todd_miller | sudo | 1.6.9p14 | |
todd_miller | sudo | 1.6.9p15 | |
todd_miller | sudo | 1.6.9p16 | |
todd_miller | sudo | 1.6.9p17 | |
todd_miller | sudo | 1.6.9p18 | |
todd_miller | sudo | 1.6.9p19 | |
todd_miller | sudo | 1.6.9p20 | |
todd_miller | sudo | 1.6.9p21 | |
todd_miller | sudo | 1.6.9p22 | |
todd_miller | sudo | 1.6.9p23 | |
todd_miller | sudo | 1.7.0 | |
todd_miller | sudo | 1.7.1 | |
todd_miller | sudo | 1.7.2 | |
todd_miller | sudo | 1.7.2p1 | |
todd_miller | sudo | 1.7.2p2 | |
todd_miller | sudo | 1.7.2p3 | |
todd_miller | sudo | 1.7.2p4 | |
todd_miller | sudo | 1.7.2p5 | |
todd_miller | sudo | 1.7.2p6 | |
todd_miller | sudo | 1.7.2p7 | |
todd_miller | sudo | 1.7.3b1 | |
todd_miller | sudo | 1.7.4 | |
todd_miller | sudo | 1.7.4p1 | |
todd_miller | sudo | 1.7.4p2 | |
todd_miller | sudo | 1.7.4p3 | |
todd_miller | sudo | 1.7.4p4 | |
redhat | fedora | 14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:todd_miller:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F2C9DDD-1AD3-4103-BA68-DB0BAB1595FE", "versionEndIncluding": "1.7.4p5", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B7FE987-2B49-4FD5-A5A0-35129D4E60C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9D796959-61D2-42D5-BF93-1A93AE1392BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "61D6855B-2B49-4695-9C8F-38CBE95E115A", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E8D768E6-6B55-448E-B6B6-58391971CA86", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "6060C8CB-1592-479E-86AD-AC180F855BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAA88C-BADD-405A-9E66-5B0839595A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "04D5E3B7-5377-4CA8-BA0D-056870CB717E", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "22C11931-B594-43EC-9698-7152B1DF8CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*", "matchCriteriaId": "BE57443E-CFAA-4023-B2B0-FA0B660D7643", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*", "matchCriteriaId": "3D6343C1-FBC8-43E7-A8DA-EB240B958015", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*", "matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*", "matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*", "matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*", "matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*", "matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*", "matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*", "matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*", "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*", "matchCriteriaId": "F6848519-57E8-4636-BE10-A0AF06787B20", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*", "matchCriteriaId": "A458EA77-772C-4641-A08A-5733FA386974", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*", "matchCriteriaId": "57B7415D-FE7F-4F67-8384-016BD6044015", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*", "matchCriteriaId": 
"09429504-327B-44B3-A651-E933EADA0300", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*", "matchCriteriaId": "7889BA46-0FAA-4D62-B2BB-B895060F5585", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*", "matchCriteriaId": "84FD9DD4-A6D0-40F4-9A8E-8E0017BE349C", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*", "matchCriteriaId": "B02CEAA5-8409-42AF-A4AE-58D9D16F007F", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*", "matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*", "matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "2A3E4716-6D11-46DD-9378-3C733BBDCD8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*", "matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*", "matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*", "matchCriteriaId": "D6F99CB6-E185-4CE0-9E43-C5AE9017717B", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*", "matchCriteriaId": "D2F6F9C6-85B6-450F-9165-B23C2BF83EBE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*", "matchCriteriaId": "1C898BE7-506D-49DA-8619-F86C7A9FE902", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p1:*:*:*:*:*:*:*", "matchCriteriaId": "147D459A-A9F2-46EF-A413-BABDBA854CE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p2:*:*:*:*:*:*:*", "matchCriteriaId": "59310EB2-D33B-408E-87DA-31769211A3E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p3:*:*:*:*:*:*:*", "matchCriteriaId": "A23B0A74-F3D6-4993-B69C-72A3DE828E33", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p4:*:*:*:*:*:*:*", "matchCriteriaId": "32CE5850-4B1D-41E0-AAAE-EE2F5C1BC14A", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*", "matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*", "matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*", "matchCriteriaId": "C90D0AB4-F8A8-4301-99B5-757254FA999A", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*", "matchCriteriaId": "A79C7098-37D0-4E6E-A22C-3C771D81956F", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*", "matchCriteriaId": "BB7D2832-B654-406E-AA34-B3BD1D6F0A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*", "matchCriteriaId": 
"D5688D95-89EF-4D2E-9728-2316CAC3CBE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*", "matchCriteriaId": "B69E49B2-1B3C-4434-ACF1-CF4F519E3C32", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*", "matchCriteriaId": "31B2C299-5D0B-44DA-91FD-4B1146BE9A7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p1:*:*:*:*:*:*:*", "matchCriteriaId": "8BED4713-FC6E-4AC7-B100-8344AF4E2D2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p2:*:*:*:*:*:*:*", "matchCriteriaId": "81B76073-DEA4-4D62-A9FD-07D3306CCCD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p3:*:*:*:*:*:*:*", "matchCriteriaId": "D1DD679B-25C5-4A78-8004-F073403E4431", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p4:*:*:*:*:*:*:*", "matchCriteriaId": "F95437FF-83F7-443B-9F25-8BE81884C595", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p5:*:*:*:*:*:*:*", "matchCriteriaId": "821B0A1A-707F-4F4A-A110-3C808C275B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p6:*:*:*:*:*:*:*", "matchCriteriaId": "4D735BC1-3E87-4286-9F7D-3181064FF2C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*", "matchCriteriaId": "B570E525-A024-4D41-9600-1134433786DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p8:*:*:*:*:*:*:*", "matchCriteriaId": "0C00A0AF-985D-4046-893B-FE96F21C7B91", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p9:*:*:*:*:*:*:*", "matchCriteriaId": "AB9772A9-0C70-4539-A7B8-51288D0E1B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p10:*:*:*:*:*:*:*", "matchCriteriaId": "758916CE-80D8-442E-AAE0-A128FCD69046", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p11:*:*:*:*:*:*:*", "matchCriteriaId": "FCE213B0-7046-4813-8E63-D767A8E1E0C1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*", "matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*", "matchCriteriaId": "471284F9-21EF-4ED6-860F-AB86154CCDF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*", "matchCriteriaId": "7C91FEB5-CEF5-4C66-A8D2-AE80EA32B10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*", "matchCriteriaId": "E106EBA5-14B3-48F7-BE00-9F0ABD57C33B", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p20:*:*:*:*:*:*:*", "matchCriteriaId": "215B0725-5314-49E6-8A96-2106860F4304", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p21:*:*:*:*:*:*:*", "matchCriteriaId": "E35B5C93-D197-4ADE-88F3-679311B083B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p22:*:*:*:*:*:*:*", "matchCriteriaId": "99854E9D-4D84-44D9-AB68-175A3048EA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p1:*:*:*:*:*:*:*", "matchCriteriaId": "9FFE8FBC-9182-49CC-B151-EE39FA4176F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p2:*:*:*:*:*:*:*", "matchCriteriaId": "DF1CF6EE-3926-4A2A-BD09-84C0AA025C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p3:*:*:*:*:*:*:*", "matchCriteriaId": "05E8BBC5-1D4A-47F8-AEC6-0A4C22E09AC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p4:*:*:*:*:*:*:*", "matchCriteriaId": "D741DD28-B32B-4A4D-8D73-5F2E2B17B142", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p5:*:*:*:*:*:*:*", "matchCriteriaId": "553C9803-F6E7-491D-AD16-9809AD010DF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p6:*:*:*:*:*:*:*", "matchCriteriaId": 
"F2B05317-F43C-4F0A-8A15-6B6CD1413E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p7:*:*:*:*:*:*:*", "matchCriteriaId": "CF164040-2392-4E37-B9D3-5634322C908C", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p8:*:*:*:*:*:*:*", "matchCriteriaId": "E5D94302-8A20-4678-8B54-E448ED34674D", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p9:*:*:*:*:*:*:*", "matchCriteriaId": "72FC2554-57A2-44D2-B3B0-F4781B4087D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p10:*:*:*:*:*:*:*", "matchCriteriaId": "2CA72389-8D02-4827-9AC1-594DF3815F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p11:*:*:*:*:*:*:*", "matchCriteriaId": "5CE457DB-D4F9-4F7D-8D52-2D226F288A16", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p12:*:*:*:*:*:*:*", "matchCriteriaId": "91A84956-0A2C-48F8-964B-3C3CE1F4B304", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p13:*:*:*:*:*:*:*", "matchCriteriaId": "0869E8D1-4345-4373-AE39-541A818296FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p14:*:*:*:*:*:*:*", "matchCriteriaId": "89DFC1E9-730F-49A5-A351-9140B89BBCBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p15:*:*:*:*:*:*:*", "matchCriteriaId": "521E83C8-F708-493B-9CFF-80747700B783", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p16:*:*:*:*:*:*:*", "matchCriteriaId": "1949F9F8-2267-48FF-88DA-4E7F57AFB740", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p17:*:*:*:*:*:*:*", "matchCriteriaId": "1F9EF929-C19F-488C-ACCA-57C712C8F72E", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p18:*:*:*:*:*:*:*", "matchCriteriaId": "3FD54E9C-3E81-4CB0-843E-A31F55DCB7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p19:*:*:*:*:*:*:*", "matchCriteriaId": "B218C163-E5E3-482F-BDBD-C55E55163416", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*", "matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*", "matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*", "matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*", "matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*", "matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*", "matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*", "matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*", "matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*", "matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*", "matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*", "matchCriteriaId": 
"77DC6C6B-4585-401D-B02E-E70E6157DBC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*", "matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*", "matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747", "vulnerable": true }, { "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*", "matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:14:*:*:*:*:*:*:*", "matchCriteriaId": "BA03548F-0C09-403E-B3B4-6E0DB094D47E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression." 
}, { "lang": "es", "value": "Un parche en Fedora para parse.c en sudo anterior a v1.7.4p5-1.fc14 en Fedora 14 no interpreta correctamente un system group (tambi\u00e9n conocido como el %group) en el fichero sudoers en las decisiones de autorizaci\u00f3n para un usuario que pertenece a ese grupo, permitiendo a usuarios locales aprovecharse de un fichero sudoers y obtener privilegios de root a trav\u00e9s de un comando sudo. NOTA: esta vulnerabilidad existe debido a la vulnerabilidad CVE-2009-0034." } ], "id": "CVE-2011-0008", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-01-20T19:00:07.443", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42968" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0195" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0199" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=668843" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-20 17:30
Modified
2025-04-09 00:30
Summary
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0 | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37435 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/37720 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/37909 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/38017 | Broken Link | |
secalert@redhat.com | http://secunia.com/advisories/38276 | Broken Link | |
secalert@redhat.com | http://support.avaya.com/css/P8/documents/100073666 | Third Party Advisory | |
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2005 | Third Party Advisory | |
secalert@redhat.com | http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8 | Broken Link | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:030 | Broken Link | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0041.html | Broken Link | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0882.html | Broken Link | |
secalert@redhat.com | http://www.securityfocus.com/bid/37068 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/usn-864-1 | Third Party Advisory | |
secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2011-0009.html | Third Party Advisory | |
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989 | Third Party Advisory | |
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862 | Third Party Advisory | |
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101 | Third Party Advisory | |
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0046.html | Third Party Advisory | |
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0095.html | Third Party Advisory | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37435 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37720 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37909 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38017 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38276 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/css/P8/documents/100073666 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2005 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:030 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0041.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0882.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37068 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-864-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2011-0009.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0046.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0095.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | 2.6.32 | |
linux | linux_kernel | 2.6.32 | |
linux | linux_kernel | 2.6.32 | |
linux | linux_kernel | 2.6.32 | |
linux | linux_kernel | 2.6.32 | |
opensuse | opensuse | 11.1 | |
opensuse | opensuse | 11.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 10 | |
debian | debian_linux | 4.0 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
canonical | ubuntu_linux | 9.04 | |
canonical | ubuntu_linux | 9.10 | |
vmware | esx | 3.5 | |
redhat | virtualization | 5.0 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_eus | 5.4 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server_workstation | 5.0 | |
redhat | fedora | 10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8373D74A-0480-4E80-9758-1F35F4904C7E", "versionEndIncluding": "2.6.31.6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*", "matchCriteriaId": "37B2E2B1-3E39-4DBA-817D-08F34D9F6E53", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*", "matchCriteriaId": "C85D4E0A-14DA-4884-AF6F-A0F54304430F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*", "matchCriteriaId": "218DE1D1-3843-4076-9AE4-70AA0FD99B3E", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*", "matchCriteriaId": "2677114B-AF05-42EB-BBC8-FA85CD631C21", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*", "matchCriteriaId": "FA8D64E1-A700-4D9E-9063-EC3CFC1A6D98", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*", "matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*", "matchCriteriaId": "105187A7-2AFE-46F9-B0A9-F09C7E10BFBD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02", "vulnerable": true } ], "negate": false, "operator": 
"OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCFEF451-4B77-4259-8000-B252E699A950", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4DD6917D-FE03-487F-9F2C-A79B5FCFBC5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_workstation:5.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "A550C079-C887-481A-B706-7EB35C400C98", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "BA70E035-8475-4046-ABD7-5AE59F874EBA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request." }, { "lang": "es", "value": "Error de indice de matriz en la funci\u00f3n gdth_read_event en drivers/scsi/gdth.c en el kernel de Linux antes de v2.6.32-RC8 permite a usuarios locales provocar una denegaci\u00f3n de servicio o posiblemente obtener privilegios a trav\u00e9s de un \u00edndice de evento negativo en una solicitud IOCTL." } ], "id": "CVE-2009-3080", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-11-20T17:30:00.420", "references": [ { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37435" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37720" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37909" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38017" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38276" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2005" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/37068" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], 
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/37909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/38276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100073666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/37068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-864-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-129" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-5962)
Published
2008-05-22 13:09
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.1, AV:N/AC:M/Au:N/C:N/I:N/A:C; source nvd@nist.gov)
Summary
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://secunia.com/advisories/30341 | ||
secalert@redhat.com | http://secunia.com/advisories/30354 | ||
secalert@redhat.com | http://securitytracker.com/id?1020079 | ||
secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2008/05/21/10 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2008/05/21/12 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2008/05/21/8 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0295.html | Patch | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/493167/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/29322 | Exploit | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1600 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=397011 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/42593 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850 | ||
secalert@redhat.com | https://www.exploit-db.com/exploits/5814 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30341 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30354 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020079 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/05/21/10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/05/21/12 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/05/21/8 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0295.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493167/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29322 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1600 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=397011 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/42593 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/5814 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_linux | 5.0 | |
redhat | fedora | 6 | |
redhat | fedora | 7 | |
redhat | fedora | 8 | |
foresight_linux | appliances | * | |
rpath | appliance_platform_agent | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:6:*:*:*:*:*:*:*", "matchCriteriaId": "FE785318-36E2-4865-918F-CCCDD0995C68", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:foresight_linux:appliances:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AD8CF33-C113-49FA-8FB4-C81DE4D70468", "vulnerable": true }, { "criteria": "cpe:2.3:h:rpath:appliance_platform_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F332836-94B6-469E-9207-439A48CF06C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option." }, { "lang": "es", "value": "Filtrado de memoria en cierto parche de Red Hat, aplicado a vsftpd 2.0.5 vsftpd 2.0.5 sobre Red Hat Enterprise Linux (RHEL) 5, Fedora 6 a la 8, Foresight Linux y aplicaciones rPath, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (Consumo de memoria) a trav\u00e9s una un gran n\u00famero de comandos CWD, como se ha demostrado mediante un ataque al demonio con la opci\u00f3n de configuraci\u00f3n deny_file." 
} ], "id": "CVE-2007-5962", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-05-22T13:09:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30341" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30354" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1020079" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/21/10" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/21/12" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/21/8" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0295.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/493167/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29322" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1600" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=397011" }, { "source": "secalert@redhat.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42593" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850" }, { "source": "secalert@redhat.com", "url": "https://www.exploit-db.com/exploits/5814" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/21/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/21/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/21/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0295.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493167/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1600" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=397011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-9278)
Published
2014-12-06 15:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2.0 base score 4.0, AV:N/AC:L/Au:S/C:N/I:P/A:N; source nvd@nist.gov)
Summary
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2015-0425.html | ||
secalert@redhat.com | http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2014/12/02/3 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2014/12/04/17 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/71420 | ||
secalert@redhat.com | https://bugzilla.mindrot.org/show_bug.cgi?id=1867 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1169843 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/99090 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-0425.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/12/02/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/12/04/17 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71420 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mindrot.org/show_bug.cgi?id=1867 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1169843 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/99090 |
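Impacted products
No vendor/product rows are listed for this record. In the CPE configuration below, openbsd:openssh is the entry marked vulnerable; redhat:enterprise_linux:7.0 and redhat:fedora:7 appear with "vulnerable": false under an AND operator, which in NVD configurations denotes the platform the vulnerable software runs on rather than an unaffected product.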
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login." }, { "lang": "es", "value": "El servidor OpenSSH, utilizado en Fedora y Red Hat Enterprise Linux 7 y cuando funciona en un entorno Kerberos, permite a usuarios remotos autenticados iniciar sesi\u00f3n como otro usuario cuando est\u00e1n listados en el fichero .k5users de ese usuario, lo que podr\u00eda evadir los requisitos de autenticaci\u00f3n que forzar\u00eda un inicio de sesi\u00f3n local." 
} ], "id": "CVE-2014-9278", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-06T15:59:07.920", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html" }, { "source": "secalert@redhat.com", "url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/12/02/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/17" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71420" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/12/02/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/17" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-6284)
Published
2008-01-12 02:46
Modified
2025-04-09 00:30
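Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, source nvd@nist.gov; the record carries no CVSS v3 or v4 metric)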
Summary
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=202628 | ||
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | ||
secalert@redhat.com | http://lists.vmware.com/pipermail/security-announce/2008/000009.html | ||
secalert@redhat.com | http://mail.gnome.org/archives/xml/2008-January/msg00036.html | ||
secalert@redhat.com | http://secunia.com/advisories/28439 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28444 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28450 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28452 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28458 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28466 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28470 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28475 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28636 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28716 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28740 | ||
secalert@redhat.com | http://secunia.com/advisories/29591 | ||
secalert@redhat.com | http://secunia.com/advisories/31074 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-20.xml | ||
secalert@redhat.com | http://securitytracker.com/id?1019181 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1 | ||
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm | ||
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm | ||
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1461 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:010 | ||
secalert@redhat.com | http://www.novell.com/linux/security/advisories/suse_security_summary_report.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0032.html | Patch | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/486410/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/490306/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/27248 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0117 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0144 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1033/references | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2094/references | ||
secalert@redhat.com | http://www.xmlsoft.org/news.html | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=425927 | ||
secalert@redhat.com | https://issues.rpath.com/browse/RPL-2121 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216 | ||
secalert@redhat.com | https://usn.ubuntu.com/569-1/ | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=202628 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000009.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/xml/2008-January/msg00036.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28439 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28444 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28450 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28452 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28458 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28466 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28470 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28475 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28636 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28716 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28740 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29591 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-20.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019181 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1461 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:010 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/suse_security_summary_report.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0032.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/486410/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/490306/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27248 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0117 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0144 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1033/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2094/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.xmlsoft.org/news.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=425927 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2121 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/569-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 4.0 | |
mandrakesoft | mandrake_linux | 2007 | |
mandrakesoft | mandrake_linux | 2007 | |
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2008.0 | |
mandrakesoft | mandrake_linux | 2008.0 | |
mandrakesoft | mandrake_linux_corporate_server | 3.0 | |
mandrakesoft | mandrake_linux_corporate_server | 3.0 | |
mandrakesoft | mandrake_linux_corporate_server | 4.0 | |
mandrakesoft | mandrake_linux_corporate_server | 4.0 | |
redhat | fedora | 7 | |
redhat | fedora | 8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*", "matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*", "matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*", "matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*", "matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*", "matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*", "matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*", "matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*", "matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*", "matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*", "matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*", "matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*", "matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*", "matchCriteriaId": "EFB8DE9F-2130-49E9-85EE-6793ED9FBEED", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", "matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences." }, { "lang": "es", "value": "La funci\u00f3n xmlCurrentChar de libxml2, en versiones anteriores a la 2.6.31, permite que algunos atacantes, dependiendo del contexto, provoquen denegaci\u00f3n de servicio (por bucle infinito) usando un XML que contenga secuencias no v\u00e1lidas de UTF-8.\r\n\r\n" } ], "id": "CVE-2007-6284", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-12T02:46:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=202628" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000009.html" }, { "source": "secalert@redhat.com", "url": "http://mail.gnome.org/archives/xml/2008-January/msg00036.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28439" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28444" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28450" }, { "source": 
"secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28452" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28458" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28466" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28470" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28475" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28636" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28716" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28740" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29591" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31074" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200801-20.xml" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1019181" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1461" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:010" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { 
"source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0032.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/486410/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/490306/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/27248" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/0117" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/0144" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1033/references" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2094/references" }, { "source": "secalert@redhat.com", "url": "http://www.xmlsoft.org/news.html" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425927" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2121" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/569-1/" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=202628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.gnome.org/archives/xml/2008-January/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-20.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/486410/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490306/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1033/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2094/references" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xmlsoft.org/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/569-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-6560)
Published
2009-03-31 14:09
Modified
2025-04-09 00:30
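Severity: HIGH (CVSS v2.0 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C, source nvd@nist.gov; the record carries no CVSS v3 or v4 metric). The record's vendorComments entry from Red Hat (2009-08-04) states that Red Hat does not consider this a security issue, because the ability to edit cluster.conf is restricted to the system administrator.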
Summary
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be | ||
cve@mitre.org | http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html | ||
cve@mitre.org | http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html | ||
cve@mitre.org | http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html | Vendor Advisory | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-875-1 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=468966 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/49832 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-875-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=468966 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49832 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:cman:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5280A55-F6CF-4D35-B9D4-A76321EC591A", "versionEndIncluding": "2.03.08-1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:cman:2.03.03-1:*:*:*:*:*:*:*", "matchCriteriaId": "F12B9C5F-29A5-4B40-89E2-CD32477C087F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:cman:2.03.04-1:*:*:*:*:*:*:*", "matchCriteriaId": "06ABB244-870D-4D5F-81FA-0D8D133A1B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:cman:2.03.05-1:*:*:*:*:*:*:*", "matchCriteriaId": "C31DAF4D-B7BB-43CE-87EC-33062475AF0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:cman:2.03.07-1:*:*:*:*:*:*:*", "matchCriteriaId": "25AD771F-0B14-4EC9-A425-3E49BE177402", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:linux:5.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "A00F5B01-0C61-48A6-BE78-1981CA6C09FD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU y consumo de memoria) a trav\u00e9s de un fichero cluster.conf con muchas l\u00edneas. 
\r\nNOTA: no est\u00e1 claro si este problema cruza fronteras de privilegios en usuarios reales del producto." } ], "id": "CVE-2008-6560", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-31T14:09:53.390", "references": [ { "source": "cve@mitre.org", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-875-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-875-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat does not consider this to be a security issue. The misbehaviour of CMAN is triggered by corrupted / specially crafted cluster.conf configuration file. Ability to edit this file is restricted to system administrator, therefore no privilege boundary is crossed.", "lastModified": "2009-08-04T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-24 17:44
Modified
2025-04-09 00:30
Severity
4.3 (MEDIUM) - CVSS v2.0, AV:N/AC:M/Au:N/C:P/I:N/A:N (source: nvd@nist.gov, Primary)
Summary
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | ||
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=212288 | ||
cve@mitre.org | http://secunia.com/advisories/29176 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29460 | Vendor Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200803-29.xml | ||
cve@mitre.org | http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD | ||
cve@mitre.org | http://www.securityfocus.com/bid/28055 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0734/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=212288 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29176 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29460 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200803-29.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28055 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0734/references |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "793F6DB3-A6C2-4813-BD2D-AF34D85F6CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B6F2BC5-D099-427C-9513-75551ABF1997", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters." }, { "lang": "es", "value": "ViewVC before 1.0.5 proporciona revisi\u00f3n de metadatos sin comprobar correctamente si el acceso fue intencionado, lo que permite a atacantes remotos obtener informaci\u00f3n sensible leyendo (1) rutas prohibidas en la vista de revisi\u00f3n, (2)el historial del log que s\u00f3lo se puede alcanzar saltando un objeto prohibido, o (3)par\u00e1metros de ruta de vista diff prohibidos." 
} ], "id": "CVE-2008-1292", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-03-24T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29176" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29460" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "source": "cve@mitre.org", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28055" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29460" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0734/references" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-11 21:00
Modified
2025-04-09 00:30
Severity
9.3 (HIGH) - CVSS v2.0, AV:N/AC:M/Au:N/C:C/I:C/A:C (source: nvd@nist.gov, Primary)
Summary
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=208356 | ||
cve@mitre.org | http://bugzilla.gnome.org/show_bug.cgi?id=505330 | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html | ||
cve@mitre.org | http://secunia.com/advisories/28725/ | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/28799 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/28948 | ||
cve@mitre.org | http://secunia.com/advisories/29702 | ||
cve@mitre.org | http://secunia.com/advisories/29896 | ||
cve@mitre.org | http://secunia.com/advisories/31339 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200802-05.xml | ||
cve@mitre.org | http://www.debian.org/security/2008/dsa-1546 | ||
cve@mitre.org | http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml | Patch | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:056 | ||
cve@mitre.org | http://www.securityfocus.com/bid/27536 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-604-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0462 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=208356 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.gnome.org/show_bug.cgi?id=505330 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28725/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28799 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28948 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29702 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29896 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31339 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-05.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1546 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:056 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27536 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-604-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0462 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gnumeric:*:*:*:*:*:*:*:*", "matchCriteriaId": "325E60CA-9D69-4D35-AD9B-54F0596C537B", "versionEndIncluding": "1.7.91", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "La funci\u00f3n excel_read_HLINK en plugins/excel/ms-excel-read.c de Gnome Office Gnumeric antes de 1.8.1. Permite a atacantes remotos ayudados por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo XLS manipulado que contiene opcodes XLS HLINK, posiblemente debido a un desbordamiento de integer. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-0668", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-11T21:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=208356" }, { "source": "cve@mitre.org", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=505330" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28725/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/28799" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28948" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29702" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29896" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31339" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200802-05.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1546" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:056" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/27536" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-604-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0462" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=208356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=505330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28725/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/28799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-05.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-604-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-31 17:44
Modified
2025-04-09 00:30
Severity
6.8 (MEDIUM) - CVSS v2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P (source: nvd@nist.gov, Primary)
Summary
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html | ||
cve@mitre.org | http://secunia.com/advisories/29463 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29465 | ||
cve@mitre.org | http://secunia.com/advisories/29622 | ||
cve@mitre.org | http://secunia.com/advisories/29946 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200804-27.xml | ||
cve@mitre.org | http://securityreason.com/securityalert/3795 | ||
cve@mitre.org | http://silcnet.org/general/news/?item=client_20080320_1 | Patch | |
cve@mitre.org | http://silcnet.org/general/news/?item=server_20080320_1 | Patch | |
cve@mitre.org | http://silcnet.org/general/news/?item=toolkit_20080320_1 | Patch | |
cve@mitre.org | http://www.coresecurity.com/?action=item&id=2206 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/490069/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/28373 | Patch | |
cve@mitre.org | http://www.securitytracker.com/id?1019690 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0974/references | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41474 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29463 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29465 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29622 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29946 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200804-27.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3795 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://silcnet.org/general/news/?item=client_20080320_1 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://silcnet.org/general/news/?item=server_20080320_1 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://silcnet.org/general/news/?item=toolkit_20080320_1 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/?action=item&id=2206 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/490069/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28373 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019690 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0974/references | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41474 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
silc | silc_client | * | |
silc | silc_server | * | |
silc | silc_toolkit | * | |
redhat | fedora | 7 | |
redhat | fedora | 8 | |
silc | silc | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "17399447-A537-43ED-8F3B-34A6B3775F91", "versionEndIncluding": "1.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C79529C3-3305-4C9F-81B9-6A230CEC864B", "versionEndIncluding": "1.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "29C8F2A5-C309-4BAB-B292-B95BE9BD335B", "versionEndIncluding": "1.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*", "matchCriteriaId": "A363089A-8328-48B1-9609-36A635EC4A46", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction." 
}, { "lang": "es", "value": "La funci\u00f3n silc_pkcs1_decode de la librer\u00eda silccrypt (silcpkcs1.c) en Secure Internet Live Conferencing (SILC) Toolkit antes de 1.1.7, SILC Client antes de 1.1.4 y SILC Server antes de 1.1.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un mensaje PKCS#1 manipulado, lo que dispara un desbordamiento inferior de entero, un error de signo y un desbordamiento de b\u00fafer. NOTA: el investigador lo describe como un desbordamiento de entero, pero CVE utiliza el t\u00e9rmino \"desbordamiento inferior\" en casos de estrechamiento de resta sin signo." } ], "id": "CVE-2008-1552", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-31T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29463" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29465" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29622" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29946" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3795" }, { "source": 
"cve@mitre.org", "tags": [ "Patch" ], "url": "http://silcnet.org/general/news/?item=client_20080320_1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://silcnet.org/general/news/?item=server_20080320_1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1" }, { "source": "cve@mitre.org", "url": "http://www.coresecurity.com/?action=item\u0026id=2206" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28373" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019690" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0974/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://silcnet.org/general/news/?item=client_20080320_1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://silcnet.org/general/news/?item=server_20080320_1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/?action=item\u0026id=2206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0974/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5.\n\nMore information can be found here:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=440049", "lastModified": 
"2008-04-23T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-24 17:44
Modified
2025-04-09 00:30
Severity ?
Summary
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | ||
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=212288 | ||
cve@mitre.org | http://secunia.com/advisories/29176 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/29460 | Vendor Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200803-29.xml | ||
cve@mitre.org | http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD | ||
cve@mitre.org | http://www.securityfocus.com/bid/28055 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0734/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=212288 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29176 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29460 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200803-29.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28055 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0734/references |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "793F6DB3-A6C2-4813-BD2D-AF34D85F6CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B6F2BC5-D099-427C-9513-75551ABF1997", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder." }, { "lang": "es", "value": "ViewVC before 1.0.5 almacena informaci\u00f3n sensible bajo la ra\u00edz web con un control de acceso insuficiente, lo que permite a atacantes remotos leer archivos y listar carpetas bajo la carpeta oculta CVSROOT." 
} ], "id": "CVE-2008-1291", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-03-24T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29176" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29460" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "source": "cve@mitre.org", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28055" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0734/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=212288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29460" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-29.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0734/references" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-3524
Vulnerability from fkie_nvd
Published
2008-09-29 17:17
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.7, vector AV:L/AC:M/Au:N/C:N/I:N/A:C; source nvd@nist.gov)
Summary
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://secunia.com/advisories/32037 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/32710 | ||
secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/31385 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=458504 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=458652 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/45402 | ||
secalert@redhat.com | https://issues.rpath.com/browse/RPL-2857 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01135.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32037 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32710 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31385 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=458504 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=458652 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45402 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2857 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01135.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | fedora | 9 | |
redhat | initscripts | 8.76.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:initscripts:8.76.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCC1B34A-B695-4AAB-A2F6-FC39600C0EB4", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run." }, { "lang": "es", "value": "El archivo rc.sysinit en initscripts anteriores a versi\u00f3n 8.76.3-1 en Fedora versi\u00f3n 9 y otras plataformas Linux, permite a los usuarios locales eliminar archivos arbitrarios por medio de un ataque de tipo symlink en un archivo o directorio seg\u00fan (1) /var/lock o (2) /var/run ." 
} ], "id": "CVE-2008-3524", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-29T17:17:29.110", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32037" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32710" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/31385" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458504" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458652" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45402" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2857" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01135.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01135.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2007-5159
Vulnerability from fkie_nvd
Published
2007-10-01 05:17
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.6, vector AV:L/AC:L/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/26938 | Vendor Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=298651 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26938 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=298651 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED638D1A-D4AB-4070-8D29-C18741D9F98F", "versionEndIncluding": "1.913-1.fc7", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "06FD8602-7069-41C6-B65C-84928EDCE2D6", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ntfs-3g:ntfs-3g:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBCA444C-CDF1-44A5-A00B-4258F8657B09", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak." }, { "lang": "es", "value": "El paquete ntfs-3g anterior a 1.913-2.fc7 en Fedora 7, y en el paquete kntfs-3g package en Ubuntu 7.10/Gutsy, asigna de forma incorrecta los permisos (setuid root) en mount.ntfs-3g, el cual permite a usuarios locales siendo miembros de fuse leer y escribir dispositivos de bloque de su elecci\u00f3n, posiblemente afectando a un descriptor de fichero d\u00e9bil." 
} ], "id": "CVE-2007-5159", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-01T05:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26938" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=298651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-24 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html | ||
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/02/23/1 | ||
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/02/23/2 | ||
secalert@redhat.com | http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197 | ||
secalert@redhat.com | http://secunia.com/advisories/43415 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/43844 | ||
secalert@redhat.com | http://secunia.com/advisories/44034 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-0414.html | ||
secalert@redhat.com | http://www.securityfocus.com/bid/46510 | ||
secalert@redhat.com | http://www.securitytracker.com/id?1025291 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0701 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0864 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=633544 | Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/65641 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/02/23/1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/02/23/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43844 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44034 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0414.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46510 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025291 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0701 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0864 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=633544 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65641 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | policycoreutils | * | |
redhat | policycoreutils | 1.0 | |
redhat | policycoreutils | 1.1 | |
redhat | policycoreutils | 1.2 | |
redhat | policycoreutils | 1.4 | |
redhat | policycoreutils | 1.6 | |
redhat | policycoreutils | 1.8 | |
redhat | policycoreutils | 1.10 | |
redhat | policycoreutils | 1.12 | |
redhat | policycoreutils | 1.14 | |
redhat | policycoreutils | 1.16 | |
redhat | policycoreutils | 1.18 | |
redhat | policycoreutils | 1.20 | |
redhat | policycoreutils | 1.21.1 | |
redhat | policycoreutils | 1.21.2 | |
redhat | policycoreutils | 1.21.3 | |
redhat | policycoreutils | 1.21.4 | |
redhat | policycoreutils | 1.21.5 | |
redhat | policycoreutils | 1.21.6 | |
redhat | policycoreutils | 1.21.7 | |
redhat | policycoreutils | 1.21.8 | |
redhat | policycoreutils | 1.21.9 | |
redhat | policycoreutils | 1.21.10 | |
redhat | policycoreutils | 1.21.11 | |
redhat | policycoreutils | 1.21.12 | |
redhat | policycoreutils | 1.21.13 | |
redhat | policycoreutils | 1.21.14 | |
redhat | policycoreutils | 1.21.15 | |
redhat | policycoreutils | 1.21.16 | |
redhat | policycoreutils | 1.21.17 | |
redhat | policycoreutils | 1.21.18 | |
redhat | policycoreutils | 1.21.19 | |
redhat | policycoreutils | 1.21.20 | |
redhat | policycoreutils | 1.21.21 | |
redhat | policycoreutils | 1.21.22 | |
redhat | policycoreutils | 1.22 | |
redhat | policycoreutils | 1.23.1 | |
redhat | policycoreutils | 1.23.2 | |
redhat | policycoreutils | 1.23.3 | |
redhat | policycoreutils | 1.23.4 | |
redhat | policycoreutils | 1.23.5 | |
redhat | policycoreutils | 1.23.6 | |
redhat | policycoreutils | 1.23.7 | |
redhat | policycoreutils | 1.23.8 | |
redhat | policycoreutils | 1.23.9 | |
redhat | policycoreutils | 1.23.10 | |
redhat | policycoreutils | 1.23.11 | |
redhat | policycoreutils | 1.24 | |
redhat | policycoreutils | 1.25.1 | |
redhat | policycoreutils | 1.25.2 | |
redhat | policycoreutils | 1.25.3 | |
redhat | policycoreutils | 1.25.4 | |
redhat | policycoreutils | 1.25.5 | |
redhat | policycoreutils | 1.25.6 | |
redhat | policycoreutils | 1.25.7 | |
redhat | policycoreutils | 1.25.8 | |
redhat | policycoreutils | 1.25.9 | |
redhat | policycoreutils | 1.26 | |
redhat | policycoreutils | 1.27.1 | |
redhat | policycoreutils | 1.27.2 | |
redhat | policycoreutils | 1.27.3 | |
redhat | policycoreutils | 1.27.4 | |
redhat | policycoreutils | 1.27.5 | |
redhat | policycoreutils | 1.27.6 | |
redhat | policycoreutils | 1.27.7 | |
redhat | policycoreutils | 1.27.8 | |
redhat | policycoreutils | 1.27.9 | |
redhat | policycoreutils | 1.27.10 | |
redhat | policycoreutils | 1.27.11 | |
redhat | policycoreutils | 1.27.12 | |
redhat | policycoreutils | 1.27.13 | |
redhat | policycoreutils | 1.27.14 | |
redhat | policycoreutils | 1.27.15 | |
redhat | policycoreutils | 1.27.16 | |
redhat | policycoreutils | 1.27.17 | |
redhat | policycoreutils | 1.27.18 | |
redhat | policycoreutils | 1.27.19 | |
redhat | policycoreutils | 1.27.20 | |
redhat | policycoreutils | 1.27.21 | |
redhat | policycoreutils | 1.27.22 | |
redhat | policycoreutils | 1.27.23 | |
redhat | policycoreutils | 1.27.24 | |
redhat | policycoreutils | 1.27.25 | |
redhat | policycoreutils | 1.27.26 | |
redhat | policycoreutils | 1.27.27 | |
redhat | policycoreutils | 1.27.28 | |
redhat | policycoreutils | 1.27.29 | |
redhat | policycoreutils | 1.27.30 | |
redhat | policycoreutils | 1.27.31 | |
redhat | policycoreutils | 1.27.32 | |
redhat | policycoreutils | 1.27.33 | |
redhat | policycoreutils | 1.27.34 | |
redhat | policycoreutils | 1.27.35 | |
redhat | policycoreutils | 1.27.36 | |
redhat | policycoreutils | 1.27.37 | |
redhat | policycoreutils | 1.28 | |
redhat | policycoreutils | 1.29.1 | |
redhat | policycoreutils | 1.29.2 | |
redhat | policycoreutils | 1.29.3 | |
redhat | policycoreutils | 1.29.4 | |
redhat | policycoreutils | 1.29.5 | |
redhat | policycoreutils | 1.29.6 | |
redhat | policycoreutils | 1.29.7 | |
redhat | policycoreutils | 1.29.8 | |
redhat | policycoreutils | 1.29.9 | |
redhat | policycoreutils | 1.29.10 | |
redhat | policycoreutils | 1.29.11 | |
redhat | policycoreutils | 1.29.12 | |
redhat | policycoreutils | 1.29.13 | |
redhat | policycoreutils | 1.29.14 | |
redhat | policycoreutils | 1.29.15 | |
redhat | policycoreutils | 1.29.16 | |
redhat | policycoreutils | 1.29.17 | |
redhat | policycoreutils | 1.29.18 | |
redhat | policycoreutils | 1.29.19 | |
redhat | policycoreutils | 1.29.20 | |
redhat | policycoreutils | 1.29.21 | |
redhat | policycoreutils | 1.29.22 | |
redhat | policycoreutils | 1.29.23 | |
redhat | policycoreutils | 1.29.24 | |
redhat | policycoreutils | 1.29.25 | |
redhat | policycoreutils | 1.29.26 | |
redhat | policycoreutils | 1.29.27 | |
redhat | policycoreutils | 1.29.28 | |
redhat | policycoreutils | 1.30 | |
redhat | policycoreutils | 1.30.1 | |
redhat | policycoreutils | 1.30.2 | |
redhat | policycoreutils | 1.30.3 | |
redhat | policycoreutils | 1.30.4 | |
redhat | policycoreutils | 1.30.5 | |
redhat | policycoreutils | 1.30.6 | |
redhat | policycoreutils | 1.30.7 | |
redhat | policycoreutils | 1.30.8 | |
redhat | policycoreutils | 1.30.9 | |
redhat | policycoreutils | 1.30.10 | |
redhat | policycoreutils | 1.30.11 | |
redhat | policycoreutils | 1.30.12 | |
redhat | policycoreutils | 1.30.13 | |
redhat | policycoreutils | 1.30.14 | |
redhat | policycoreutils | 1.30.15 | |
redhat | policycoreutils | 1.30.16 | |
redhat | policycoreutils | 1.30.17 | |
redhat | policycoreutils | 1.30.18 | |
redhat | policycoreutils | 1.30.19 | |
redhat | policycoreutils | 1.30.20 | |
redhat | policycoreutils | 1.30.21 | |
redhat | policycoreutils | 1.30.22 | |
redhat | policycoreutils | 1.30.23 | |
redhat | policycoreutils | 1.30.24 | |
redhat | policycoreutils | 1.30.25 | |
redhat | policycoreutils | 1.30.26 | |
redhat | policycoreutils | 1.30.27 | |
redhat | policycoreutils | 1.30.28 | |
redhat | policycoreutils | 1.30.29 | |
redhat | policycoreutils | 1.30.30 | |
redhat | policycoreutils | 1.30.31 | |
redhat | policycoreutils | 1.32 | |
redhat | policycoreutils | 1.33.1 | |
redhat | policycoreutils | 1.33.2 | |
redhat | policycoreutils | 1.33.3 | |
redhat | policycoreutils | 1.33.4 | |
redhat | policycoreutils | 1.33.5 | |
redhat | policycoreutils | 1.33.6 | |
redhat | policycoreutils | 1.33.7 | |
redhat | policycoreutils | 1.33.8 | |
redhat | policycoreutils | 1.33.9 | |
redhat | policycoreutils | 1.33.10 | |
redhat | policycoreutils | 1.33.11 | |
redhat | policycoreutils | 1.33.12 | |
redhat | policycoreutils | 1.33.13 | |
redhat | policycoreutils | 1.33.14 | |
redhat | policycoreutils | 1.33.15 | |
redhat | policycoreutils | 1.33.16 | |
redhat | policycoreutils | 1.34.0 | |
redhat | policycoreutils | 1.34.1 | |
redhat | policycoreutils | 2.0.0 | |
redhat | policycoreutils | 2.0.1 | |
redhat | policycoreutils | 2.0.2 | |
redhat | policycoreutils | 2.0.3 | |
redhat | policycoreutils | 2.0.4 | |
redhat | policycoreutils | 2.0.5 | |
redhat | policycoreutils | 2.0.6 | |
redhat | policycoreutils | 2.0.7 | |
redhat | policycoreutils | 2.0.8 | |
redhat | policycoreutils | 2.0.9 | |
redhat | policycoreutils | 2.0.10 | |
redhat | policycoreutils | 2.0.11 | |
redhat | policycoreutils | 2.0.12 | |
redhat | policycoreutils | 2.0.13 | |
redhat | policycoreutils | 2.0.14 | |
redhat | policycoreutils | 2.0.15 | |
redhat | policycoreutils | 2.0.16 | |
redhat | policycoreutils | 2.0.17 | |
redhat | policycoreutils | 2.0.18 | |
redhat | policycoreutils | 2.0.19 | |
redhat | policycoreutils | 2.0.20 | |
redhat | policycoreutils | 2.0.21 | |
redhat | policycoreutils | 2.0.22 | |
redhat | policycoreutils | 2.0.23 | |
redhat | policycoreutils | 2.0.24 | |
redhat | policycoreutils | 2.0.25 | |
redhat | policycoreutils | 2.0.26 | |
redhat | policycoreutils | 2.0.27 | |
redhat | policycoreutils | 2.0.28 | |
redhat | policycoreutils | 2.0.29 | |
redhat | policycoreutils | 2.0.30 | |
redhat | policycoreutils | 2.0.31 | |
redhat | policycoreutils | 2.0.32 | |
redhat | policycoreutils | 2.0.33 | |
redhat | policycoreutils | 2.0.34 | |
redhat | policycoreutils | 2.0.35 | |
redhat | policycoreutils | 2.0.36 | |
redhat | policycoreutils | 2.0.37 | |
redhat | policycoreutils | 2.0.38 | |
redhat | policycoreutils | 2.0.39 | |
redhat | policycoreutils | 2.0.40 | |
redhat | policycoreutils | 2.0.41 | |
redhat | policycoreutils | 2.0.42 | |
redhat | policycoreutils | 2.0.43 | |
redhat | policycoreutils | 2.0.44 | |
redhat | policycoreutils | 2.0.45 | |
redhat | policycoreutils | 2.0.46 | |
redhat | policycoreutils | 2.0.47 | |
redhat | policycoreutils | 2.0.48 | |
redhat | policycoreutils | 2.0.49 | |
redhat | policycoreutils | 2.0.50 | |
redhat | policycoreutils | 2.0.51 | |
redhat | policycoreutils | 2.0.52 | |
redhat | policycoreutils | 2.0.53 | |
redhat | policycoreutils | 2.0.54 | |
redhat | policycoreutils | 2.0.55 | |
redhat | policycoreutils | 2.0.56 | |
redhat | policycoreutils | 2.0.57 | |
redhat | policycoreutils | 2.0.58 | |
redhat | policycoreutils | 2.0.59 | |
redhat | policycoreutils | 2.0.60 | |
redhat | policycoreutils | 2.0.61 | |
redhat | policycoreutils | 2.0.62 | |
redhat | policycoreutils | 2.0.63 | |
redhat | policycoreutils | 2.0.64 | |
redhat | policycoreutils | 2.0.65 | |
redhat | policycoreutils | 2.0.66 | |
redhat | policycoreutils | 2.0.67 | |
redhat | policycoreutils | 2.0.68 | |
redhat | policycoreutils | 2.0.69 | |
redhat | policycoreutils | 2.0.70 | |
redhat | policycoreutils | 2.0.71 | |
redhat | policycoreutils | 2.0.72 | |
redhat | policycoreutils | 2.0.73 | |
redhat | policycoreutils | 2.0.74 | |
redhat | policycoreutils | 2.0.75 | |
redhat | policycoreutils | 2.0.76 | |
redhat | policycoreutils | 2.0.77 | |
redhat | policycoreutils | 2.0.78 | |
redhat | policycoreutils | 2.0.79 | |
redhat | policycoreutils | 2.0.80 | |
redhat | policycoreutils | 2.0.81 | |
redhat | policycoreutils | 2.0.82 | |
redhat | enterprise_linux | 3 | |
redhat | enterprise_linux | 4 | |
redhat | enterprise_linux | 5 | |
redhat | enterprise_linux | 6.0 | |
redhat | fedora | 6 | |
redhat | fedora | 7 | |
redhat | fedora | 8 | |
redhat | fedora | 9 | |
redhat | fedora | 10 | |
redhat | fedora | 12 | |
redhat | fedora | 13 | |
redhat | fedora | 14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:policycoreutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACABA049-0D89-4C6A-AAD4-38742A40AECD", "versionEndIncluding": "2.0.83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BEB7CAB-459D-45A3-9074-F764E4A3BC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B67173D9-8899-4BF6-89A4-8C6D1EC60702", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2B3FDB9-8096-4089-8336-738B8C363B24", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "490B5FB8-D9E8-4029-A1C6-80F80C4B7441", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B99F9E63-2FEE-49F4-926F-1D425618222E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "C6188159-D38F-4EAD-95F1-98D1E8EBC59E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "22D1DEBE-A691-4C64-8CC6-EB9B1577A852", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "BA3768F8-F8D1-4030-9B61-764A12104F8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "8DBBDB97-27F1-4FAC-B932-67DD05816C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "7FF346BD-2A35-4D90-94D6-6A2CFA262722", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "FA6E7B2E-831C-4F3D-AF59-6BCAABF81FC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.20:*:*:*:*:*:*:*", "matchCriteriaId": 
"C233D0EB-4615-4746-A249-5943F487DD56", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC7FD6A8-8589-4D61-BF3D-786560EC5B49", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "00F7373D-7A55-4BBB-9559-3E5C5AE6D1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DE48FA8-D6C5-4049-8EC8-0DE385E1734C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.4:*:*:*:*:*:*:*", "matchCriteriaId": "410F017C-30E7-4165-A6C9-5875DCBAF905", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F39C01A-5AA0-404D-A7E5-EF9AB1F055C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.6:*:*:*:*:*:*:*", "matchCriteriaId": "40E0BBA3-AC40-4651-8BEA-FF150EF24EBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.7:*:*:*:*:*:*:*", "matchCriteriaId": "5FE18E87-7C85-4723-92FA-9EA8208B416C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.8:*:*:*:*:*:*:*", "matchCriteriaId": "EC65AD50-9887-40CD-A38F-AC27F5A7744B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.9:*:*:*:*:*:*:*", "matchCriteriaId": "7843A2EF-0BEB-419B-8885-487052CEE47F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.10:*:*:*:*:*:*:*", "matchCriteriaId": "C984F763-C7F9-485F-8011-70B174A26951", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.11:*:*:*:*:*:*:*", "matchCriteriaId": "1F2E7DDD-6C5B-4AAB-AADD-B1063E5FFB1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.12:*:*:*:*:*:*:*", "matchCriteriaId": "27E7B0BC-19AF-40A4-94D9-0CAD96973A30", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"854812AD-239A-4931-A483-3F78345607EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.14:*:*:*:*:*:*:*", "matchCriteriaId": "94D737FB-9C6C-4CA1-8012-B13654E8EB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.15:*:*:*:*:*:*:*", "matchCriteriaId": "6DD5AC0B-944D-426F-B6B3-B8D51978EE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.16:*:*:*:*:*:*:*", "matchCriteriaId": "2F8EBA37-50ED-4E62-AF2A-7D81A8EF82C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.17:*:*:*:*:*:*:*", "matchCriteriaId": "3B0EE597-D0F8-4112-8088-1F58BEE47049", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.18:*:*:*:*:*:*:*", "matchCriteriaId": "AFA8840E-9B07-4DD5-8A6C-D50BFBF04630", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.19:*:*:*:*:*:*:*", "matchCriteriaId": "31F43AD4-20F5-4E0A-825C-B8D49237C99B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.20:*:*:*:*:*:*:*", "matchCriteriaId": "D7F79EFB-D24B-431C-B6E8-7DE994F5207A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.21:*:*:*:*:*:*:*", "matchCriteriaId": "4E2A51CF-5C4E-4D84-BA59-4F1E659F28DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.21.22:*:*:*:*:*:*:*", "matchCriteriaId": "85D41212-87C9-43D4-ABE9-19F67C20F96E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "0BE990FE-1DBB-40CB-8D08-7288A2944EB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "27C92674-2F62-44FF-896B-7239C6276B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "5F416C27-1426-4851-BB39-5D3A7B1B3601", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"BC30CDBB-B741-442E-BF6D-983D880D9F60", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDF1D104-094C-4743-9B16-B4E385EA1A55", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.5:*:*:*:*:*:*:*", "matchCriteriaId": "217EBAF9-8CB4-40C9-9579-DF852681B7F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.6:*:*:*:*:*:*:*", "matchCriteriaId": "A911B6C1-FDCA-44FB-A0D8-8A13EB46CD76", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.7:*:*:*:*:*:*:*", "matchCriteriaId": "7AB1F2F0-C36A-4154-B433-6ECDD5F1394E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.8:*:*:*:*:*:*:*", "matchCriteriaId": "C03ED500-DB30-44A4-9208-38BA611B6B11", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.9:*:*:*:*:*:*:*", "matchCriteriaId": "61A41668-02B9-459B-BD94-B833438BE4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9825632-2C0C-4231-978B-D04FB9720F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.23.11:*:*:*:*:*:*:*", "matchCriteriaId": "31AD8C5D-9C9C-44BD-8F5A-3B9794748B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.24:*:*:*:*:*:*:*", "matchCriteriaId": "6D311ADE-DF31-44E3-B7E9-5CBAAD72E129", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.1:*:*:*:*:*:*:*", "matchCriteriaId": "74B93A3A-F986-4D99-AE14-AFB11D8748F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.2:*:*:*:*:*:*:*", "matchCriteriaId": "A8701DC1-ECB8-4642-A829-ABBBD6E954AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D648BD6-9D1D-44BF-A275-E4E8FF5F5D10", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"0039015A-7B2F-4042-B609-4C370967BDED", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7667238-D42C-47E3-9369-8E91DAF331DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.6:*:*:*:*:*:*:*", "matchCriteriaId": "2193EA59-195A-43A2-BF2F-291AF3BF3849", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.7:*:*:*:*:*:*:*", "matchCriteriaId": "301A23B6-1C0B-475B-8DFE-FE323F0831CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.8:*:*:*:*:*:*:*", "matchCriteriaId": "174AE4B6-AC02-40E3-AB3F-0A37EF291DC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.25.9:*:*:*:*:*:*:*", "matchCriteriaId": "2A730E8D-90C0-438E-94FA-FED6ADE42C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.26:*:*:*:*:*:*:*", "matchCriteriaId": "FDFEAD29-3AE1-44FA-BFED-66790B32C328", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA3CA781-A726-4309-B694-75F2C5923367", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E738101-1A1A-46EA-A566-78BAE0103534", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.3:*:*:*:*:*:*:*", "matchCriteriaId": "21FA4FB1-5C54-4081-8EC0-6861320586B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.4:*:*:*:*:*:*:*", "matchCriteriaId": "80B99FB1-A091-4EEA-BB60-5B2EE2A4C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CF9C25D-E76D-407F-A2D4-E59590411998", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B8176AA-A9C3-42D1-A5A5-F23071487106", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"EFEDE788-59C1-4414-B2A0-A53E4E165581", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.8:*:*:*:*:*:*:*", "matchCriteriaId": "B4640CD5-1DEC-4337-A875-ABE7D332CE1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.9:*:*:*:*:*:*:*", "matchCriteriaId": "23636C6A-3904-43B7-9F89-7BAD8E81B276", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.10:*:*:*:*:*:*:*", "matchCriteriaId": "6E04C6D1-59D3-4B23-A60F-34CEA2EFCF78", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.11:*:*:*:*:*:*:*", "matchCriteriaId": "2B1C8A5B-9978-434F-857A-1B18210B0A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.12:*:*:*:*:*:*:*", "matchCriteriaId": "A6324879-C76B-4F8A-B257-BA91359B0BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.13:*:*:*:*:*:*:*", "matchCriteriaId": "ED249479-803F-4843-841B-182705FC516D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.14:*:*:*:*:*:*:*", "matchCriteriaId": "04F4988A-8B2D-449D-A7D6-29508BF9B199", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.15:*:*:*:*:*:*:*", "matchCriteriaId": "B1325437-CFAC-413A-B608-4D408E51B618", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.16:*:*:*:*:*:*:*", "matchCriteriaId": "DE576DC9-95FB-4E5D-913C-4B2767930189", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.17:*:*:*:*:*:*:*", "matchCriteriaId": "FEA82EBD-5ADC-4457-9D76-6E784633765D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.18:*:*:*:*:*:*:*", "matchCriteriaId": "C24C9814-4ED6-4856-88A1-F8C4B71EAFB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.19:*:*:*:*:*:*:*", "matchCriteriaId": "F5B426E5-5C26-423F-995E-A749455CC044", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.20:*:*:*:*:*:*:*", "matchCriteriaId": 
"D6B75A6D-3302-42FC-9834-28F932F30D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.21:*:*:*:*:*:*:*", "matchCriteriaId": "C38D9BB4-8DEA-4C9F-A98E-DCE184E33373", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.22:*:*:*:*:*:*:*", "matchCriteriaId": "55FD4CBA-2475-4FA0-A972-10637057470A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.23:*:*:*:*:*:*:*", "matchCriteriaId": "2569A322-FDA2-41CD-8867-34622378537D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.24:*:*:*:*:*:*:*", "matchCriteriaId": "55725156-48BD-428A-A33D-08C13BCDFCBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.25:*:*:*:*:*:*:*", "matchCriteriaId": "515E4EA8-913B-45D1-AB92-9607830823C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.26:*:*:*:*:*:*:*", "matchCriteriaId": "0A31856D-0EFD-4660-B9A4-E1D966C9D65B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.27:*:*:*:*:*:*:*", "matchCriteriaId": "9FB86A4C-44A9-4FAF-BD48-3D315A6A5D6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.28:*:*:*:*:*:*:*", "matchCriteriaId": "8FD9CDBD-1FCA-473F-8ECA-2909C70F508F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.29:*:*:*:*:*:*:*", "matchCriteriaId": "43875AEF-3CE0-4B0C-BF55-B13455A61E32", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.30:*:*:*:*:*:*:*", "matchCriteriaId": "9647AD6F-3AE8-4FDD-BDC0-54EB795601C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.31:*:*:*:*:*:*:*", "matchCriteriaId": "3EA3D1A2-964A-44FC-89A2-FA68079B5088", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.32:*:*:*:*:*:*:*", "matchCriteriaId": "DE0B52F0-80C0-4E8A-98F1-2A820E809343", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.33:*:*:*:*:*:*:*", "matchCriteriaId": 
"1ED0FF3D-65A3-4988-B1AF-C49D814F4404", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.34:*:*:*:*:*:*:*", "matchCriteriaId": "4BBD5D81-7F76-421C-9D57-04EB57D00B84", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.35:*:*:*:*:*:*:*", "matchCriteriaId": "931941D0-3F46-4459-A763-DE01C1B84A54", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.36:*:*:*:*:*:*:*", "matchCriteriaId": "30F043FD-95F6-4512-9A86-6F2BF64B4FBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.27.37:*:*:*:*:*:*:*", "matchCriteriaId": "3174EE37-CC92-49E1-AE2E-285899BBD10E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.28:*:*:*:*:*:*:*", "matchCriteriaId": "5B775FE3-482D-481D-B4B5-BD73C23B9557", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.1:*:*:*:*:*:*:*", "matchCriteriaId": "14211C26-8C6A-4A8D-9976-FCBC3401A6D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.2:*:*:*:*:*:*:*", "matchCriteriaId": "043B1615-E370-4D25-892C-2EB7D1DF5DCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC7E4E2E-F1EA-43AE-94FB-5DD2D01119B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A018B3D-02E9-4263-8360-4CD66C6D47D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.5:*:*:*:*:*:*:*", "matchCriteriaId": "E478D35E-CA73-468A-907B-63B80B12F1F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1AEB948-6223-4609-B4BA-EDB93F31AC3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.7:*:*:*:*:*:*:*", "matchCriteriaId": "342E8AC4-02B0-42E9-B8B1-C7B93442D85A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"7DAD7D79-2C4B-4052-8970-AC29126C6785", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.9:*:*:*:*:*:*:*", "matchCriteriaId": "4F676DCF-4EEE-4493-9C46-AF555D14C397", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.10:*:*:*:*:*:*:*", "matchCriteriaId": "70D2E555-81E9-4BC2-99EF-1D2605B73EFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.11:*:*:*:*:*:*:*", "matchCriteriaId": "3AD5E41C-A643-4FD4-BD2F-4F0DEC4718DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.12:*:*:*:*:*:*:*", "matchCriteriaId": "7DC6E06C-FA85-4C0D-A7AF-FB224B65A9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.13:*:*:*:*:*:*:*", "matchCriteriaId": "BFEA4555-EA8B-40F7-8AEB-307381B734A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.14:*:*:*:*:*:*:*", "matchCriteriaId": "1A18EF73-952B-41E9-98D2-C43D0FAEDD92", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.15:*:*:*:*:*:*:*", "matchCriteriaId": "5E63BD43-62C0-44B4-A183-6040229C2DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.16:*:*:*:*:*:*:*", "matchCriteriaId": "567CA842-ABE1-4639-BB4E-5E980056E46B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.17:*:*:*:*:*:*:*", "matchCriteriaId": "77C6070B-3846-46D3-8A81-CD12A1512C0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.18:*:*:*:*:*:*:*", "matchCriteriaId": "E8CEBA11-8B56-4EAC-B75B-BF100AA4B00F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.19:*:*:*:*:*:*:*", "matchCriteriaId": "257A61F4-3628-4C6C-BABD-8610D71A6952", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.20:*:*:*:*:*:*:*", "matchCriteriaId": "1C90034F-BF45-492A-A9DF-E8AA4D2BB3C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.21:*:*:*:*:*:*:*", "matchCriteriaId": 
"A1862FEF-3790-45A3-AE8C-5B89785AAF40", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.22:*:*:*:*:*:*:*", "matchCriteriaId": "75652778-955B-4A68-AE87-A02740B91964", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.23:*:*:*:*:*:*:*", "matchCriteriaId": "EFD0103D-E009-48A6-9B81-4773202CBEE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.24:*:*:*:*:*:*:*", "matchCriteriaId": "58C46BAA-80FD-474C-90F7-0D5EADC5C338", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.25:*:*:*:*:*:*:*", "matchCriteriaId": "2E27D0C2-1B1A-4E07-9F23-41C06655B1EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.26:*:*:*:*:*:*:*", "matchCriteriaId": "F7CA4AE6-8FCC-4AC0-ACEB-2E96EDDE4A11", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.27:*:*:*:*:*:*:*", "matchCriteriaId": "DC844A13-180B-4C46-B102-E3650F9A4D2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.29.28:*:*:*:*:*:*:*", "matchCriteriaId": "C3662E04-9191-424D-BB37-FC5B59E2E44E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "38ACA851-8161-4EB0-AB7D-D413343DC410", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.1:*:*:*:*:*:*:*", "matchCriteriaId": "5064A761-4655-488B-A369-2F051AE19C83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.2:*:*:*:*:*:*:*", "matchCriteriaId": "C22A49B3-72C0-4C5E-9158-41A10B5E8F88", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.3:*:*:*:*:*:*:*", "matchCriteriaId": "69929AD0-569F-46E5-9C76-2E33421F6F4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D04513C-E5DA-442F-A536-ED69C39C4D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"344E0A50-5582-4B81-8A7D-3ED974B04325", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.6:*:*:*:*:*:*:*", "matchCriteriaId": "4F234D04-8FAF-4F9E-9578-97D28131B329", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.7:*:*:*:*:*:*:*", "matchCriteriaId": "687F1DC4-AAA7-406F-98E9-CAC3180D07E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA7354EE-8C64-4429-9923-C47B8250CAE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.9:*:*:*:*:*:*:*", "matchCriteriaId": "F9EE222B-69A9-4AD3-B16B-13E4A5033F33", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.10:*:*:*:*:*:*:*", "matchCriteriaId": "6269D0C3-9F97-46FB-A44E-3E6A7346A938", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.11:*:*:*:*:*:*:*", "matchCriteriaId": "D884DC86-42BD-4516-A257-93A4C1A71BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.12:*:*:*:*:*:*:*", "matchCriteriaId": "7006E60C-BF4C-47EA-B47A-C725F9FD4474", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.13:*:*:*:*:*:*:*", "matchCriteriaId": "704E7C46-FEA1-460A-9D1C-FBBFA89831B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.14:*:*:*:*:*:*:*", "matchCriteriaId": "220E02F7-38F5-47C4-BC95-92267D905019", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.15:*:*:*:*:*:*:*", "matchCriteriaId": "7F68DFC8-C139-46BA-BD36-8CEF73A08637", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.16:*:*:*:*:*:*:*", "matchCriteriaId": "A123FED7-7121-4103-B130-FAFC33FFD589", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.17:*:*:*:*:*:*:*", "matchCriteriaId": "8CA2BC23-2060-4F8C-8D9E-DC9FD23A6EEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.18:*:*:*:*:*:*:*", "matchCriteriaId": 
"3E267CBE-CEE2-41A2-A21E-3A876018148E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3D5A05D-7CD0-46E0-89D7-49418C5B7873", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.20:*:*:*:*:*:*:*", "matchCriteriaId": "507CF6F9-72E2-424C-92AD-2E1F5F49BE32", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.21:*:*:*:*:*:*:*", "matchCriteriaId": "C9AD3E6D-0D1E-4E7E-AD83-FE7DD3B9AD96", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.22:*:*:*:*:*:*:*", "matchCriteriaId": "E88501A2-EE75-4F67-A5F8-1625A255D1E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.23:*:*:*:*:*:*:*", "matchCriteriaId": "F0C44D9C-7902-4F64-B7E2-77BD186ADC0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.24:*:*:*:*:*:*:*", "matchCriteriaId": "7265C1DE-C79B-439B-BF02-9EB37689DD35", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.25:*:*:*:*:*:*:*", "matchCriteriaId": "6466937E-5B06-4CC6-B113-7F28F1CA1AF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.26:*:*:*:*:*:*:*", "matchCriteriaId": "B33AF71A-EA10-4654-A487-A5509B40509C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.27:*:*:*:*:*:*:*", "matchCriteriaId": "0D01BDAC-F459-473A-8551-C1E9C095D4C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.28:*:*:*:*:*:*:*", "matchCriteriaId": "E443A3C5-50D5-482C-924A-3FA61143DBAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.29:*:*:*:*:*:*:*", "matchCriteriaId": "1B82348A-97FC-43D6-88BF-04C3662F9212", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.30:*:*:*:*:*:*:*", "matchCriteriaId": "6A4BE6B5-A8F0-4339-8320-E2A24607DFB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.30.31:*:*:*:*:*:*:*", "matchCriteriaId": 
"26D06B75-1BB7-4EBB-9F1A-B6EC3830E946", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2BA8B-C4F9-4651-8DE8-B4620C39191F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E3616-1537-4928-881A-348695CADB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.2:*:*:*:*:*:*:*", "matchCriteriaId": "901B70D6-9F53-4023-9D56-2A17CD71AAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.3:*:*:*:*:*:*:*", "matchCriteriaId": "45C42E0B-2402-4C7E-BB22-62EF957B6754", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DECE746-AC40-4BC8-BB6F-774B6E6AC03C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.5:*:*:*:*:*:*:*", "matchCriteriaId": "83687403-B90A-4D34-AD11-F3CBB0B76B01", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.6:*:*:*:*:*:*:*", "matchCriteriaId": "7584A7C0-A2E1-4FB0-B25D-EE2343BD9320", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.7:*:*:*:*:*:*:*", "matchCriteriaId": "46402C64-1A8D-4C7E-9D7D-80313A2F324F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.8:*:*:*:*:*:*:*", "matchCriteriaId": "705E101D-B50A-4442-84A5-E7C60407FADD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.9:*:*:*:*:*:*:*", "matchCriteriaId": "5D5FC815-E171-454D-B1B5-5C048246C72D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.10:*:*:*:*:*:*:*", "matchCriteriaId": "182A025F-1EF5-4854-AB63-CB7A04145713", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.11:*:*:*:*:*:*:*", "matchCriteriaId": "AD9793F9-71CC-4787-97CE-EFEA0D9BEF45", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.12:*:*:*:*:*:*:*", "matchCriteriaId": 
"B0A4C766-7BF3-48D4-964E-A0FC3F900E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.13:*:*:*:*:*:*:*", "matchCriteriaId": "E89D0DFC-2CD3-45C7-B191-C36E2C3D7B94", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.14:*:*:*:*:*:*:*", "matchCriteriaId": "B7A1E406-F152-40B1-879B-66F4AF92FFE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.15:*:*:*:*:*:*:*", "matchCriteriaId": "E2CD63EE-5910-474F-9159-252BABBF7571", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.33.16:*:*:*:*:*:*:*", "matchCriteriaId": "B5B18FA2-DF48-4872-84D5-31B57067C244", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A57BC89-B4C9-45AB-B46B-09566320E412", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:1.34.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F61DA06-435A-4AF6-9C87-A2C96D92AAE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F67F2E8C-C9C0-404E-8414-D6A2E009FAFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5D478FB-2F52-40C8-9B72-1E529B078BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A8B5CAFA-5A29-4DC3-A2D5-259200EBBB07", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A1FABC0-886F-4BD6-8C58-177E6F10A129", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "425400AB-DDFF-40F3-86D1-93F1AE5A5800", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDD2182B-8FDD-4F2E-BCE5-D94B4C9F56D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"420C0AB2-346A-449D-8301-98E836501D1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E51E4ACF-D698-4809-9CE1-B7DE9920345F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D36AA1CE-B42A-47E9-92DE-DAA186DF0C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8CED68EE-4160-49F8-A21A-40B0BD2E61D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7FC41430-DD5B-40E7-8148-FF8E6603BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A1CFFDFD-5115-447A-997C-123A69435C8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "8CC08FEB-6923-400A-8B7A-2D710D774A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "55009AE0-E1AD-4E47-A06B-613EEB71D8F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "2CD4B809-4199-4105-B535-FE092DBEA177", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "1B3EE763-DC0A-400F-B504-ACE2FBB3749E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C1C176E5-0C6B-4C4E-9303-CC21D6BCB6EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "BFA4EEA3-8C0F-4F65-82F6-0DD7CA4979F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E7B6A909-AFE4-4D00-A954-BFF97F37FD46", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": 
"7A6D3862-0989-484C-B594-4E2CAA4DF2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "140EFD2B-8186-4EA0-9C50-BAA73FB7305F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "C3138CB7-58B2-4407-8AF9-C77D66F63C07", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "3BAEE570-307B-4899-AD61-39C8903FB617", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "6E479443-8249-4367-AE9B-86D664CD69F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "711F38AC-521E-4ABE-8BDE-A22942811CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "032196D4-2B7F-4CB2-A0CB-807F25DDDEFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5D00290D-8BA7-4AC2-8DA2-F734D320EFDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "EA895D19-23D0-4F71-8B35-CA30E4CCCBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "B63325BC-D67A-4E47-95F4-AA2ED114BF19", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "965BF0A3-8D80-41C0-82EE-773830C7B67C", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "4172D2D3-C3DD-42D1-94E5-4B440326B8B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "2C19DEED-BC7E-47A3-A68D-7DA71D08691E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.32:*:*:*:*:*:*:*", "matchCriteriaId": 
"5BCBED4F-F594-4CD2-AA79-E88611E0CE37", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "998E01E5-8C95-4824-B4E8-9D70D047B491", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "1519C364-CCC9-463F-AB21-41FC733A6A3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "67731FF5-F948-4E63-93B4-0DD8F9C2C926", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "5B87E032-A388-4788-AC11-B278A1C15F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "BDC527BC-96C8-4110-9953-96CEB68894C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "03C967CD-F92F-43AB-8CB5-8EB8BDBEB8E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "0B87EAF4-25F8-44CB-A08C-CC32E40DD95A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "630D60A6-D285-4FE5-BD7A-50719BC60C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "56D41BFC-73B1-4F9D-A2B0-A9D7FB240DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "3EB5481E-80FD-4641-B4D3-51271059E9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "CB45748A-0FA8-4D53-BD4A-CBF066914952", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "3C86EBE8-4A10-40C9-92CB-F363203B559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.45:*:*:*:*:*:*:*", "matchCriteriaId": 
"51DFF558-559C-4EFA-90E9-15E271D767C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "540A5DDB-876E-4171-87A4-E8F20B7C03D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "C817981B-4059-4C1E-ACC0-7CD93285CE1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "3FD68CF5-DF2E-4A18-BB09-541103DF9430", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.49:*:*:*:*:*:*:*", "matchCriteriaId": "A7EB5FD9-9D99-4061-AAE9-836228E2E0D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "DA56C2C1-EA6F-4AB9-B262-3A2451BACF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "45AE813F-A7ED-4221-8845-DA66BEEB13D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "751DC35B-2F3C-435E-BC8F-05DA56D80AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "211518B0-8C99-4671-ADB1-C1BDDFE04A55", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "52DD0959-3745-43CE-8177-DC58D0B6AF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "1443B4E9-7DDF-452B-9C64-DAA10A2384EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "7F2B8225-2171-4A44-859B-5A00E2853407", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "9A661466-8CE4-4266-A9AA-210FFEB24C65", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.58:*:*:*:*:*:*:*", "matchCriteriaId": 
"B3250262-A1E0-455D-ACD5-4FE6F9A760B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "933466F9-2FF1-463C-A636-15CDD5EF82B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "28DC0C77-0D1B-4EB0-AD8A-1B5F400D4E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "1DE3D055-2A73-443C-9633-4E59CD018BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "C7E27211-D736-4A05-8401-2B510CF2EF8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "4F5D92AE-8ADF-494D-B3B2-130EDDD92A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "FB186327-4E32-4860-9D95-DABEC68E12EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "5C350975-BB85-4BFE-A455-02C211C02EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.66:*:*:*:*:*:*:*", "matchCriteriaId": "F6E22672-50D7-44A9-B088-AF70762CDDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.67:*:*:*:*:*:*:*", "matchCriteriaId": "9E62999C-6FF8-468B-B48F-0EC1EA7ED74E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.68:*:*:*:*:*:*:*", "matchCriteriaId": "3FF342A8-5B65-4298-9365-F9DC06E6AC5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.69:*:*:*:*:*:*:*", "matchCriteriaId": "5ACF914E-5FCC-4408-B099-0088F432F00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "F4E82EEE-D0BF-4DF2-B8C6-6355DCE57F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.71:*:*:*:*:*:*:*", "matchCriteriaId": 
"5A9F3387-BCD8-4A7A-B7D8-9A43EB14453E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.72:*:*:*:*:*:*:*", "matchCriteriaId": "D2CF9C72-9C96-40A0-B0BA-E7003385C277", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.73:*:*:*:*:*:*:*", "matchCriteriaId": "424D4A74-20D9-412D-B9D1-1114340B2181", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.74:*:*:*:*:*:*:*", "matchCriteriaId": "7A9D2606-22AE-4B1D-BD7F-A583C0DADCDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.75:*:*:*:*:*:*:*", "matchCriteriaId": "87970866-616B-43A5-A093-7A3BA87E1714", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.76:*:*:*:*:*:*:*", "matchCriteriaId": "D9A466DD-A246-48AE-B805-A5AF8BF02DDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.77:*:*:*:*:*:*:*", "matchCriteriaId": "E2B0FE78-1291-42B1-84CB-BE03F7921594", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.78:*:*:*:*:*:*:*", "matchCriteriaId": "0DDC5ECE-5353-4990-B263-1835746AD820", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.79:*:*:*:*:*:*:*", "matchCriteriaId": "E4B05E10-89F8-4C26-A630-CF55ABB52A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "2EB6E239-0170-4EB0-8311-E932BCD64A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.81:*:*:*:*:*:*:*", "matchCriteriaId": "9602AC1B-792B-4C43-A7CF-768BD4653D6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:policycoreutils:2.0.82:*:*:*:*:*:*:*", "matchCriteriaId": "CEA419D1-038E-4DDF-BF95-57AFBFF93375", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3:*:*:*:*:*:*:*", "matchCriteriaId": "444EBE64-D3C8-41E9-8E02-22C6BDA2876B", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*", "matchCriteriaId": "CA2C244C-82F6-49BC-B7F7-54AB989C43E8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:6:*:*:*:*:*:*:*", "matchCriteriaId": "FE785318-36E2-4865-918F-CCCDD0995C68", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "BA70E035-8475-4046-ABD7-5AE59F874EBA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "3854B743-1636-4334-8786-A450A3E81363", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "85E7554D-3B60-4BD6-A388-259894EC0214", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora:14:*:*:*:*:*:*:*", "matchCriteriaId": "BA03548F-0C09-403E-B3B4-6E0DB094D47E", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows 
local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application." }, { "lang": "es", "value": "La funci\u00f3n seunshare_mount en sandbox/seunshare.c en seunshare en ciertos paquetes de Red Hat de policycoreutils v2.0.83 y anteriores de Red Hat Enterprise Linux (RHEL) v6 y anteriores, y Fedora v14 y anteriores, monta un nuevo directorio en la parte superior de /tmp sin asignar la pertenencia de root y el bit sticky a este nuevo directorio, lo que permite a usuarios locales reemplazar o eliminar de archivos /tmp de su elecci\u00f3n, y por lo tanto provocar una denegaci\u00f3n de servicio o ganar privilegios en su caso, mediante la ejecuci\u00f3n de una aplicaci\u00f3n setuid que se basa en /tmp, como demostrado por la aplicaci\u00f3n de KSU." } ], "id": "CVE-2011-1011", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-02-24T21:00:18.253", "references": [ { "source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/23/1" }, { "source": 
"secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/23/2" }, { "source": "secalert@redhat.com", "url": "http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43415" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43844" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44034" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0414.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46510" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1025291" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0701" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0864" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=633544" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/23/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/23/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0414.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=633544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65641" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2007-4134
Vulnerability from fkie_nvd
Published
2007-08-30 22:17
Modified
2025-04-09 00:30
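Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, user interaction required; taken from the NVD record below)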
Summary
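Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Note: the NVD configuration in the record below lists only Fedora 7 as a CPE match, while the references include advisories from other vendors (Gentoo, SGI, Avaya, rPath, Red Hat). CPE-based matching alone may therefore under-report affected systems; compare the installed star version against 1.5a84 instead.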
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84 | ||
secalert@redhat.com | ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc | ||
secalert@redhat.com | http://secunia.com/advisories/26626 | ||
secalert@redhat.com | http://secunia.com/advisories/26672 | ||
secalert@redhat.com | http://secunia.com/advisories/26673 | ||
secalert@redhat.com | http://secunia.com/advisories/26857 | ||
secalert@redhat.com | http://secunia.com/advisories/27318 | ||
secalert@redhat.com | http://secunia.com/advisories/27544 | ||
secalert@redhat.com | http://securitytracker.com/id?1018646 | ||
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm | ||
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml | ||
secalert@redhat.com | http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html | Patch | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-0873.html | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/478797/100/200/threaded | ||
secalert@redhat.com | https://bugs.gentoo.org/show_bug.cgi?id=189690 | Patch | |
secalert@redhat.com | https://issues.rpath.com/browse/RPL-1669 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26626 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26672 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26673 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26857 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27318 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27544 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018646 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0873.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/478797/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=189690 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1669 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive." }, { "lang": "es", "value": "Vulnerabilidad de escalado de directorio en el extract.c en el star anterior al 1.5a84 permite a atacantes con la intervenci\u00f3n del usuario sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de ciertas secuencias //.. (barra oblicua, barra oblicua, punto, punto) en el directorio symlinks en un archivo TAR." } ], "id": "CVE-2007-4134", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-08-30T22:17:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84" }, { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/26626" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/26672" }, { "source": "secalert@redhat.com", "url": 
"http://secunia.com/advisories/26673" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/26857" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27318" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27544" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1018646" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0873.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/478797/100/200/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=189690" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1669" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/27318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0873.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/478797/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=189690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }