{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "742", "CVE_data_timestamp" : "2025-04-30T07:02Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0026", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0287. Reason: This candidate is a duplicate of CVE-2012-0287. Notes: All CVE users should reference CVE-2012-0287 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-01-04T11:55Z", "lastModifiedDate" : "2023-11-07T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0046", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2012-0046", "name" : "https://access.redhat.com/security/cve/cve-2012-0046", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0046", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0046", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0046", "name" : "https://access.redhat.com/security/cve/cve-2012-0046", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0046", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0046", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mediawiki allows deleted text to be exposed" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.17.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.18.0", "versionEndExcluding" : "1.18.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-10-29T19:15Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0049", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.openttd.org/en/CVE-2012-0049", "name" : "http://security.openttd.org/en/CVE-2012-0049", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2012/dsa-2524", "name" : "http://www.debian.org/security/2012/dsa-2524", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/13/9", "name" : "http://www.openwall.com/lists/oss-security/2012/01/13/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0049", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0049", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0049", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0049", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://security.openttd.org/en/CVE-2012-0049", "name" : "http://security.openttd.org/en/CVE-2012-0049", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0049", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0049", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0049", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0049", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/13/9", "name" : "http://www.openwall.com/lists/oss-security/2012/01/13/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2012/dsa-2524", "name" : "http://www.debian.org/security/2012/dsa-2524", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openttd:openttd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-07T18:15Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0051", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/01/15/11", "name" : "http://www.openwall.com/lists/oss-security/2012/01/15/11", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/7", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/8", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/9", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0051", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0051", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654", "name" : "https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/15/11", "name" : "http://www.openwall.com/lists/oss-security/2012/01/15/11", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654", "name" : "https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0051", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0051", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/9", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/8", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/7", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tahoe-lafs:tahoe-lafs:1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-07T18:15Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0055", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/01/17/11", "name" : "[oss-security] 20120117 Re: CVE Request: overlayfs", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-1363-1", "name" : "http://www.ubuntu.com/usn/USN-1363-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-1364-1", "name" : "http://www.ubuntu.com/usn/USN-1364-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-1384-1", "name" : "http://www.ubuntu.com/usn/USN-1384-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0055", "name" : "https://access.redhat.com/security/cve/cve-2012-0055", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941", "name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/17/11", "name" : "[oss-security] 20120117 Re: CVE Request: overlayfs", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941", "name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0055", "name" : "https://access.redhat.com/security/cve/cve-2012-0055", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-1384-1", "name" : "http://www.ubuntu.com/usn/USN-1384-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-1364-1", "name" : "http://www.ubuntu.com/usn/USN-1364-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.ubuntu.com/usn/USN-1363-1", "name" : "http://www.ubuntu.com/usn/USN-1363-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-19T18:15Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0063", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/01/19/5", "name" : "[oss-security] 20120118 Re: CVE request: tucan insecure plugin update mechanism", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0063", "name" : "https://access.redhat.com/security/cve/cve-2012-0063", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0063", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0063", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0063", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0063", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/19/5", "name" : "[oss-security] 20120118 Re: CVE request: tucan insecure plugin update mechanism", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0063", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0063", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0063", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0063", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0063", "name" : "https://access.redhat.com/security/cve/cve-2012-0063", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tucaneando:tucan:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.3.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-21T16:15Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0070", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/01/20/7", "name" : "http://www.openwall.com/lists/oss-security/2012/01/20/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/20/7", "name" : "http://www.openwall.com/lists/oss-security/2012/01/20/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "spamdyke prior to 4.2.1: STARTTLS reveals plaintext" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spamdyke:spamdyke:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T14:15Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0139", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0140", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0153", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0166", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0216", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2012/dsa-2452", "name" : "DSA-2452", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75211", "name" : "gnulinux-apache2-xss(75211)", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2012/dsa-2452", "name" : "DSA-2452", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75211", "name" : "gnulinux-apache2-xss(75211)", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:apache2:*:wheezy:*:*:*:*:*:*", "versionEndIncluding" : "2.2.22-1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:apache2:*:squeeze6:*:*:*:*:*:*", "versionEndIncluding" : "2.2.16-6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:apache2:*:sid:*:*:*:*:*:*", "versionEndIncluding" : "2.2.22-3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2012-04-22T18:55Z", "lastModifiedDate" : "2025-04-29T21:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0334", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/52981", "name" : "http://www.securityfocus.com/bid/52981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/52981", "name" : "http://www.securityfocus.com/bid/52981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:ironport_web_security_appliance:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:H/Au:N/C:P/I:P/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.2 }, "severity" : "LOW", "exploitabilityScore" : 3.2, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-15T13:15Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0405", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0408", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0433", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=783195", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=783195", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.suse.com/security/cve/CVE-2012-0433/", "name" : "https://www.suse.com/security/cve/CVE-2012-0433/", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=783195", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=783195", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.suse.com/security/cve/CVE-2012-0433/", "name" : "https://www.suse.com/security/cve/CVE-2012-0433/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crowbar_project:crowbar:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-08T17:29Z", "lastModifiedDate" : "2024-11-21T01:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0653", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0673", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0694", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://seclists.org/bugtraq/2012/Jun/165", "name" : "https://seclists.org/bugtraq/2012/Jun/165", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0694", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0694", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/19381", "name" : "19381", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://seclists.org/bugtraq/2012/Jun/165", "name" : "https://seclists.org/bugtraq/2012/Jun/165", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/19381", "name" : "19381", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0694", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0694", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SugarCRM CE <= 6.3.1 contains scripts that use \"unserialize()\" with user controlled input which allows remote attackers to execute arbitrary PHP code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:community:*:*:*", "versionEndIncluding" : "6.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-10-29T21:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0699", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.exploit-db.com/exploits/18667", "name" : "18667", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/18667", "name" : "18667", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:haudenschilt:family_connections_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-11T20:29Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0718", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74038", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74038", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74038", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74038", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_endpoint_manager:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-18T18:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0721", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-07-17T01:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0722", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0722. Reason: This candidate is a duplicate of CVE-2013-0722. A year-transition issue caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-0722 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2013-01-11T22:55Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0771", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fortiguard.com/encyclopedia/ips/31101/adobe-shockwave-player-multiple-memory-corruption", "name" : "https://fortiguard.com/encyclopedia/ips/31101/adobe-shockwave-player-multiple-memory-corruption", "refsource" : "MISC", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.adobe.com/support/security/bulletins/apsb12-02.html", "name" : "https://www.adobe.com/support/security/bulletins/apsb12-02.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.adobe.com/support/security/bulletins/apsb12-02.html", "name" : "https://www.adobe.com/support/security/bulletins/apsb12-02.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.6.4.634", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-19T19:29Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0785", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/01/20/8", "name" : "[oss-security] 20120119 Re: CVE request: Jenkins", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0785", "name" : "https://access.redhat.com/security/cve/cve-2012-0785", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://jenkins.io/security/advisory/2012-01-12/", "name" : "https://jenkins.io/security/advisory/2012-01-12/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0785", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0785", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12", "name" : "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/20/8", "name" : "[oss-security] 20120119 Re: CVE request: Jenkins", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12", "name" : "https://www.cloudbees.com/jenkins-security-advisory-2012-01-12", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0785", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0785", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2012-01-12/", "name" : "https://jenkins.io/security/advisory/2012-01-12/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0785", "name" : "https://access.redhat.com/security/cve/cve-2012-0785", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka \"the Hash DoS attack.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.400.0", "versionEndExcluding" : "1.400.0.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.424.0", "versionEndExcluding" : "1.424.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.447", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndExcluding" : "1.424.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-24T17:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0810", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=794557", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=794557", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=794557", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=794557", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T14:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0812", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.gentoo.org/glsa/glsa-201209-18.xml", "name" : "http://security.gentoo.org/glsa/glsa-201209-18.xml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/12", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/12", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/27/5", "name" : "http://www.openwall.com/lists/oss-security/2012/01/27/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/51680", "name" : "http://www.securityfocus.com/bid/51680", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0812", "name" : "https://access.redhat.com/security/cve/cve-2012-0812", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0812", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0812", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0812", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0812", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-201209-18.xml", "name" : "http://security.gentoo.org/glsa/glsa-201209-18.xml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0812", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0812", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0812", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0812", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0812", "name" : "https://access.redhat.com/security/cve/cve-2012-0812", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/51680", "name" : "http://www.securityfocus.com/bid/51680", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/27/5", "name" : "http://www.openwall.com/lists/oss-security/2012/01/27/5", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/26/12", "name" : "http://www.openwall.com/lists/oss-security/2012/01/26/12", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PostfixAdmin 2.3.4 has multiple XSS vulnerabilities" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postfix_admin_project:postfix_admin:2.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-22T17:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0816", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-07-09T13:15Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0824", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-134" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/01/31/3", "name" : "http://www.openwall.com/lists/oss-security/2012/01/31/3", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0824", "name" : "https://access.redhat.com/security/cve/cve-2012-0824", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0824.html", "name" : "https://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0824.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0824", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0824", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/31/3", "name" : "http://www.openwall.com/lists/oss-security/2012/01/31/3", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0824", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0824", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0824.html", "name" : "https://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0824.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0824", "name" : "https://access.redhat.com/security/cve/cve-2012-0824", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "gnusound 0.7.5 has format string issue" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:gnusound:0.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-19T16:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0828", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/02/01/9", "name" : "http://www.openwall.com/lists/oss-security/2012/02/01/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0828", "name" : "https://access.redhat.com/security/cve/cve-2012-0828", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0828", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0828", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0828", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0828", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/01/9", "name" : "http://www.openwall.com/lists/oss-security/2012/02/01/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0828", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0828", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0828", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0828", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0828", "name" : "https://access.redhat.com/security/cve/cve-2012-0828", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xchat-wdk:xchat-wdk:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1499-4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xchat:xchat:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gtk:2.18.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gtk:2.24.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gtk:2.14.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gtk:2.10.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-21T18:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0832", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-07-09T13:15Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0842", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/02/10/2", "name" : "http://www.openwall.com/lists/oss-security/2012/02/10/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/10/8", "name" : "http://www.openwall.com/lists/oss-security/2012/02/10/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/10/9", "name" : "http://www.openwall.com/lists/oss-security/2012/02/10/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "name" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0842", "name" : "https://access.redhat.com/security/cve/cve-2012-0842", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0842", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0842", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0842", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0842", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/10/2", "name" : "http://www.openwall.com/lists/oss-security/2012/02/10/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0842", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0842", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0842", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0842", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0842", "name" : "https://access.redhat.com/security/cve/cve-2012-0842", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "name" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/10/9", "name" : "http://www.openwall.com/lists/oss-security/2012/02/10/9", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/10/8", "name" : "http://www.openwall.com/lists/oss-security/2012/02/10/8", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "surf: cookie jar has read access from other local user" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suckless:surf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-19T15:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0843", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "name" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0843", "name" : "https://access.redhat.com/security/cve/cve-2012-0843", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0843", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0843", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0843", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0843", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/52268", "name" : "https://www.securityfocus.com/bid/52268", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "name" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/52268", "name" : "https://www.securityfocus.com/bid/52268", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0843", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0843", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0843", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0843", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0843", "name" : "https://access.redhat.com/security/cve/cve-2012-0843", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "uzbl: Information disclosure via world-readable cookies storage file" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:uzbl:uzbl:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-19T16:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0844", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "name" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0844", "name" : "https://access.redhat.com/security/cve/cve-2012-0844", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0844", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0844", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/51981", "name" : "51981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "name" : "http://www.openwall.com/lists/oss-security/2012/02/11/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/51981", "name" : "51981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0844", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0844", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0844", "name" : "https://access.redhat.com/security/cve/cve-2012-0844", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netsurf-browser:netsurf:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-21T18:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0877", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2014/q3/96", "name" : "http://seclists.org/oss-sec/2014/q3/96", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/08/11", "name" : "http://www.openwall.com/lists/oss-security/2014/07/08/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0877", "name" : "https://access.redhat.com/security/cve/cve-2012-0877", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0877", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0877", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2014/q3/96", "name" : "http://seclists.org/oss-sec/2014/q3/96", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-0877", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-0877", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-0877", "name" : "https://access.redhat.com/security/cve/cve-2012-0877", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2014/07/08/11", "name" : "http://www.openwall.com/lists/oss-security/2014/07/08/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PyXML: Hash table collisions CPU usage Denial of Service" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:python:pyxml:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-22T17:15Z", "lastModifiedDate" : "2024-11-21T01:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0941", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.org/files/109168/VL-144.txt", "name" : "http://packetstormsecurity.org/files/109168/VL-144.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/51708", "name" : "51708", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72761", "name" : "fortigateutm-fieldssortedopt-xss(72761)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-012-001", "name" : "https://fortiguard.com/psirt/FG-IR-012-001", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://securitytracker.com/id/1026594", "name" : "1026594", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.vulnerability-lab.com/get_content.php?id=144", "name" : "https://www.vulnerability-lab.com/get_content.php?id=144", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.org/files/109168/VL-144.txt", "name" : "http://packetstormsecurity.org/files/109168/VL-144.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.vulnerability-lab.com/get_content.php?id=144", "name" : "https://www.vulnerability-lab.com/get_content.php?id=144", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://securitytracker.com/id/1026594", "name" : "1026594", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/psirt/FG-IR-012-001", "name" : "https://fortiguard.com/psirt/FG-IR-012-001", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72761", "name" : "fortigateutm-fieldssortedopt-xss(72761)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/51708", "name" : "51708", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.3.0", "versionEndExcluding" : "4.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-08T23:29Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0945", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-428" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687", "name" : "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687", "name" : "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "whoopsie-daisy before 0.1.26: Root user can remove arbitrary files" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:whoopsie-daisy_project:whoopsie-daisy:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1.26", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T13:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0951", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html", "name" : "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.10060", "name" : "https://vuldb.com/?id.10060", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html", "name" : "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.10060", "name" : "https://vuldb.com/?id.10060", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "295.49", "versionEndIncluding" : "295.53", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-12T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0952", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "name" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "name" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:display_driver:*:*:*:*:*:linux:*:*", "versionEndExcluding" : "295.53", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 3.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-05-08T01:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0953", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "name" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "name" : "https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:display_driver:*:*:*:*:*:linux:*:*", "versionEndExcluding" : "295.53", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 3.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-05-08T01:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0955", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code.launchpad.net/~cyphermox/software-properties/lp1036839/+merge/119753", "name" : "https://code.launchpad.net/~cyphermox/software-properties/lp1036839/+merge/119753", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://launchpad.net/bugs/1036839", "name" : "https://launchpad.net/bugs/1036839", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://code.launchpad.net/~cyphermox/software-properties/lp1036839/+merge/119753", "name" : "https://code.launchpad.net/~cyphermox/software-properties/lp1036839/+merge/119753", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://launchpad.net/bugs/1036839", "name" : "https://launchpad.net/bugs/1036839", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:canonical:software-properties:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.92", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-12-02T01:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0963", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0964", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0965", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0966", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0967", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0968", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0969", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0970", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0971", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-0972", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/limit-login-attempts/#developers", "name" : "https://wordpress.org/plugins/limit-login-attempts/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/limit-login-attempts/#developers", "name" : "https://wordpress.org/plugins/limit-login-attempts/#developers", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-01-06T15:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10002", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ahmyi/rivettracker/commit/45a0f33876d58cb7e4a0f17da149e58fc893b858", "name" : "https://github.com/ahmyi/rivettracker/commit/45a0f33876d58cb7e4a0f17da149e58fc893b858", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ahmyi/rivettracker/pull/1", "name" : "https://github.com/ahmyi/rivettracker/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217267", "name" : "https://vuldb.com/?ctiid.217267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217267", "name" : "https://vuldb.com/?id.217267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ahmyi/rivettracker/commit/45a0f33876d58cb7e4a0f17da149e58fc893b858", "name" : "https://github.com/ahmyi/rivettracker/commit/45a0f33876d58cb7e4a0f17da149e58fc893b858", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217267", "name" : "https://vuldb.com/?id.217267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217267", "name" : "https://vuldb.com/?ctiid.217267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ahmyi/rivettracker/pull/1", "name" : "https://github.com/ahmyi/rivettracker/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The patch is named 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rivettracker_project:rivettracker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2012-03-13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-03T09:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10003", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ahmyi/rivettracker/commit/f053c5cc2bc44269b0496b5f275e349928a92ef9", "name" : "https://github.com/ahmyi/rivettracker/commit/f053c5cc2bc44269b0496b5f275e349928a92ef9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ahmyi/rivettracker/pull/1", "name" : "https://github.com/ahmyi/rivettracker/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217271", "name" : "https://vuldb.com/?ctiid.217271", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.217271", "name" : "https://vuldb.com/?id.217271", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ahmyi/rivettracker/commit/f053c5cc2bc44269b0496b5f275e349928a92ef9", "name" : "https://github.com/ahmyi/rivettracker/commit/f053c5cc2bc44269b0496b5f275e349928a92ef9", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217271", "name" : "https://vuldb.com/?id.217271", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.217271", "name" : "https://vuldb.com/?ctiid.217271", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ahmyi/rivettracker/pull/1", "name" : "https://github.com/ahmyi/rivettracker/pull/1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The patch is named f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rivettracker_project:rivettracker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2012-03-03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-03T12:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10004", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/backdrop-contrib/basic_cart/commit/a10424ccd4b3b4b433cf33b73c1ad608b11890b4", "name" : "https://github.com/backdrop-contrib/basic_cart/commit/a10424ccd4b3b4b433cf33b73c1ad608b11890b4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/backdrop-contrib/basic_cart/releases/tag/1.x-1.1.1", "name" : "https://github.com/backdrop-contrib/basic_cart/releases/tag/1.x-1.1.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217950", "name" : "https://vuldb.com/?ctiid.217950", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217950", "name" : "https://vuldb.com/?id.217950", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/backdrop-contrib/basic_cart/commit/a10424ccd4b3b4b433cf33b73c1ad608b11890b4", "name" : "https://github.com/backdrop-contrib/basic_cart/commit/a10424ccd4b3b4b433cf33b73c1ad608b11890b4", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.217950", "name" : "https://vuldb.com/?id.217950", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.217950", "name" : "https://vuldb.com/?ctiid.217950", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/backdrop-contrib/basic_cart/releases/tag/1.x-1.1.1", "name" : "https://github.com/backdrop-contrib/basic_cart/releases/tag/1.x-1.1.1", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The patch is identified as a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:backdropcms:basic_cart:*:*:*:*:*:backdrop:*:*", "versionEndExcluding" : "1.x-1.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-11T07:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10005", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code.google.com/archive/p/php-form-builder-class/issues/184", "name" : "https://code.google.com/archive/p/php-form-builder-class/issues/184", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/manikandan170890/php-form-builder-class/commit/74897993818d826595fd5857038e6703456a594a", "name" : "https://github.com/manikandan170890/php-form-builder-class/commit/74897993818d826595fd5857038e6703456a594a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218155", "name" : "https://vuldb.com/?ctiid.218155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218155", "name" : "https://vuldb.com/?id.218155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://code.google.com/archive/p/php-form-builder-class/issues/184", "name" : "https://code.google.com/archive/p/php-form-builder-class/issues/184", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218155", "name" : "https://vuldb.com/?id.218155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218155", "name" : "https://vuldb.com/?ctiid.218155", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://github.com/manikandan170890/php-form-builder-class/commit/74897993818d826595fd5857038e6703456a594a", "name" : "https://github.com/manikandan170890/php-form-builder-class/commit/74897993818d826595fd5857038e6703456a594a", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php-form-builder-class_project:php-form-builder-class:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2012-11-22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-01-12T16:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10006", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ale7714/sigeprosi/commit/5291886f6c992316407c376145d331169c55f25b", "name" : "https://github.com/ale7714/sigeprosi/commit/5291886f6c992316407c376145d331169c55f25b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218493", "name" : "https://vuldb.com/?ctiid.218493", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218493", "name" : "https://vuldb.com/?id.218493", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ale7714/sigeprosi/commit/5291886f6c992316407c376145d331169c55f25b", "name" : "https://github.com/ale7714/sigeprosi/commit/5291886f6c992316407c376145d331169c55f25b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.218493", "name" : "https://vuldb.com/?id.218493", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.218493", "name" : "https://vuldb.com/?ctiid.218493", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sigeprosi_project:sigeprosi:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2012-05-15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-01-18T16:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10007", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/madgicweb/buddystream/commit/7d5b9a89a27711aad76fd55ab4cc4185b545a1d0", "name" : "https://github.com/madgicweb/buddystream/commit/7d5b9a89a27711aad76fd55ab4cc4185b545a1d0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/madgicweb/buddystream/releases/tag/3.2.8", "name" : "https://github.com/madgicweb/buddystream/releases/tag/3.2.8", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.221479", "name" : "https://vuldb.com/?ctiid.221479", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221479", "name" : "https://vuldb.com/?id.221479", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/madgicweb/buddystream/commit/7d5b9a89a27711aad76fd55ab4cc4185b545a1d0", "name" : "https://github.com/madgicweb/buddystream/commit/7d5b9a89a27711aad76fd55ab4cc4185b545a1d0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.221479", "name" : "https://vuldb.com/?id.221479", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221479", "name" : "https://vuldb.com/?ctiid.221479", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://github.com/madgicweb/buddystream/releases/tag/3.2.8", "name" : "https://github.com/madgicweb/buddystream/releases/tag/3.2.8", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The patch is named 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:buddystream_project:buddystream:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-02-19T16:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10008", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/uakfdotb/oneapp/commit/5413ac804f1b09f9decc46a6c37b08352c49669c", "name" : "https://github.com/uakfdotb/oneapp/commit/5413ac804f1b09f9decc46a6c37b08352c49669c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.221483", "name" : "https://vuldb.com/?ctiid.221483", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.221483", "name" : "https://vuldb.com/?id.221483", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://github.com/uakfdotb/oneapp/commit/5413ac804f1b09f9decc46a6c37b08352c49669c", "name" : "https://github.com/uakfdotb/oneapp/commit/5413ac804f1b09f9decc46a6c37b08352c49669c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.221483", "name" : "https://vuldb.com/?id.221483", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.221483", "name" : "https://vuldb.com/?ctiid.221483", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oneapp_project:oneapp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2012-05-09", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-02-20T07:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10009", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/404like/commit/2c4b589d27554910ab1fd104ddbec9331b540f7f", "name" : "https://github.com/wp-plugins/404like/commit/2c4b589d27554910ab1fd104ddbec9331b540f7f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/404like/releases/tag/1.0.2", "name" : "https://github.com/wp-plugins/404like/releases/tag/1.0.2", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.223404", "name" : "https://vuldb.com/?ctiid.223404", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.223404", "name" : "https://vuldb.com/?id.223404", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/404like/commit/2c4b589d27554910ab1fd104ddbec9331b540f7f", "name" : "https://github.com/wp-plugins/404like/commit/2c4b589d27554910ab1fd104ddbec9331b540f7f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.223404", "name" : "https://vuldb.com/?id.223404", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.223404", "name" : "https://vuldb.com/?ctiid.223404", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/404like/releases/tag/1.0.2", "name" : "https://github.com/wp-plugins/404like/releases/tag/1.0.2", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:404like_project:404like:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-03-21T00:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0121.html", "name" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0121.html", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://chyrp.net/2012/02/02/heres-whats-been-going-on-recently/", "name" : "http://chyrp.net/2012/02/02/heres-whats-been-going-on-recently/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/52115", "name" : "http://www.securityfocus.com/bid/52115", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52117", "name" : "http://www.securityfocus.com/bid/52117", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/vito/chyrp/commit/f69bd791c37e0b154c0bda16f9759ba19cc77f6c", "name" : "https://github.com/vito/chyrp/commit/f69bd791c37e0b154c0bda16f9759ba19cc77f6c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.htbridge.ch/advisory/HTB23073", "name" : "https://www.htbridge.ch/advisory/HTB23073", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0121.html", "name" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0121.html", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.htbridge.ch/advisory/HTB23073", "name" : "https://www.htbridge.ch/advisory/HTB23073", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/vito/chyrp/commit/f69bd791c37e0b154c0bda16f9759ba19cc77f6c", "name" : "https://github.com/vito/chyrp/commit/f69bd791c37e0b154c0bda16f9759ba19cc77f6c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/52117", "name" : "http://www.securityfocus.com/bid/52117", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52115", "name" : "http://www.securityfocus.com/bid/52115", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://chyrp.net/2012/02/02/heres-whats-been-going-on-recently/", "name" : "http://chyrp.net/2012/02/02/heres-whats-been-going-on-recently/", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:chyrp:chyrp:2.5.2:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-21T22:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10010", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005", "name" : "https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.225321", "name" : "https://vuldb.com/?ctiid.225321", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225321", "name" : "https://vuldb.com/?id.225321", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005", "name" : "https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.225321", "name" : "https://vuldb.com/?id.225321", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225321", "name" : "https://vuldb.com/?ctiid.225321", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The identifier of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:contact_form:3.21:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-04-09T06:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10011", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7", "name" : "https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.225350", "name" : "https://vuldb.com/?ctiid.225350", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.225350", "name" : "https://vuldb.com/?id.225350", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7", "name" : "https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.225350", "name" : "https://vuldb.com/?id.225350", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.225350", "name" : "https://vuldb.com/?ctiid.225350", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:contus:hd_flv_player:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2023-04-09T22:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10012", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb", "name" : "https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.225355", "name" : "https://vuldb.com/?ctiid.225355", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.225355", "name" : "https://vuldb.com/?id.225355", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb", "name" : "https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.225355", "name" : "https://vuldb.com/?id.225355", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.225355", "name" : "https://vuldb.com/?ctiid.225355", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:facebook_button:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-04-10T00:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10013", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.227231", "name" : "https://vuldb.com/?ctiid.227231", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.227231", "name" : "https://vuldb.com/?id.227231", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.227231", "name" : "https://vuldb.com/?id.227231", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.227231", "name" : "https://vuldb.com/?ctiid.227231", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The patch is named 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kau-boys:backend_localization:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-24T18:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10014", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0.1", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0.1", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://vuldb.com/?ctiid.227232", "name" : "https://vuldb.com/?ctiid.227232", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.227232", "name" : "https://vuldb.com/?id.227232", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.227232", "name" : "https://vuldb.com/?id.227232", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.227232", "name" : "https://vuldb.com/?ctiid.227232", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0.1", "name" : "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0.1", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kau-boys:backend_localization:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2023-04-24T18:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10015", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146", "name" : "https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.230154", "name" : "https://vuldb.com/?ctiid.230154", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.230154", "name" : "https://vuldb.com/?id.230154", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146", "name" : "https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.230154", "name" : "https://vuldb.com/?id.230154", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.230154", "name" : "https://vuldb.com/?ctiid.230154", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The patch is identified as a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:twitter:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-05-31T00:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10016", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/simple-download-button-shortcode/commit/e648a8706818297cf02a665ae0bae1c069dea5f1", "name" : "https://github.com/wp-plugins/simple-download-button-shortcode/commit/e648a8706818297cf02a665ae0bae1c069dea5f1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.242190", "name" : "https://vuldb.com/?ctiid.242190", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.242190", "name" : "https://vuldb.com/?id.242190", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://github.com/wp-plugins/simple-download-button-shortcode/commit/e648a8706818297cf02a665ae0bae1c069dea5f1", "name" : "https://github.com/wp-plugins/simple-download-button-shortcode/commit/e648a8706818297cf02a665ae0bae1c069dea5f1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.242190", "name" : "https://vuldb.com/?id.242190", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.242190", "name" : "https://vuldb.com/?ctiid.242190", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:halulu:simple-download-button-shortcode:1.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2023-10-17T00:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10017", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d", "name" : "https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.248955", "name" : "https://vuldb.com/?ctiid.248955", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.248955", "name" : "https://vuldb.com/?id.248955", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d", "name" : "https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://vuldb.com/?id.248955", "name" : "https://vuldb.com/?id.248955", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.248955", "name" : "https://vuldb.com/?ctiid.248955", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bestwebsoft:portfolio:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.06", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-12-26T10:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-10018", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/161919/", "name" : "https://packetstormsecurity.com/files/161919/", "refsource" : "", "tags" : [ ] }, { "url" : "https://packetstormsecurity.com/files/161920/", "name" : "https://packetstormsecurity.com/files/161920/", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/2503447", "name" : "https://plugins.trac.wordpress.org/changeset/2503447", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mapplic.com/docs/#changelog", "name" : "https://www.mapplic.com/docs/#changelog", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5aacabb5-94af-485a-af24-e84db3e3726f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5aacabb5-94af-485a-af24-e84db3e3726f?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-16T07:15Z", "lastModifiedDate" : "2024-10-16T16:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1091", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-02-29T11:55Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1092", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-02-29T11:55Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1093", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://vladz.devzero.fr/012_x11-common-vuln.html", "name" : "http://vladz.devzero.fr/012_x11-common-vuln.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://vladz.devzero.fr/012_x11-common-vuln.html", "name" : "http://vladz.devzero.fr/012_x11-common-vuln.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/29/1", "name" : "http://www.openwall.com/lists/oss-security/2012/02/29/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/02/29/1", "name" : "http://www.openwall.com/lists/oss-security/2012/02/29/1", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/01/1", "name" : "http://www.openwall.com/lists/oss-security/2012/03/01/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/01/1", "name" : "http://www.openwall.com/lists/oss-security/2012/03/01/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1093", "name" : "https://access.redhat.com/security/cve/cve-2012-1093", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1093", "name" : "https://access.redhat.com/security/cve/cve-2012-1093", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "name" : "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "name" : "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource" : "", "tags" : [ ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1093", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1093", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1093", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1093", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:x11-common:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1\\:7.6\\+12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-21T19:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1094", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2012-1094", "name" : "https://access.redhat.com/security/cve/cve-2012-1094", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1094", "name" : "https://access.redhat.com/security/cve/cve-2012-1094", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_application_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-10T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1096", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/02/3", "name" : "http://www.openwall.com/lists/oss-security/2012/03/02/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/02/3", "name" : "http://www.openwall.com/lists/oss-security/2012/03/02/3", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1096", "name" : "https://access.redhat.com/security/cve/cve-2012-1096", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1096", "name" : "https://access.redhat.com/security/cve/cve-2012-1096", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=793329", "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=793329", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=793329", "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=793329", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1096", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1096", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1096", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1096", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-10T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1101", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/4", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/4", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/4", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", "name" : "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", "name" : "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:systemd_project:systemd:37:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-11T15:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1102", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes", "name" : "https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://seclists.org/oss-sec/2012/q1/549", "name" : "https://seclists.org/oss-sec/2012/q1/549", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes", "name" : "https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://seclists.org/oss-sec/2012/q1/549", "name" : "https://seclists.org/oss-sec/2012/q1/549", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xml\\:\\:atom_project:xml\\:\\:atom:*:*:*:*:*:perl:*:*", "versionEndExcluding" : "0.39", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-07-09T11:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1104", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "name" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "name" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1104", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1104", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/52279", "name" : "https://www.securityfocus.com/bid/52279", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/52279", "name" : "https://www.securityfocus.com/bid/52279", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apereo:phpcas:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-05T18:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1105", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "name" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "name" : "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1105", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1105", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1105", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1105", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/52280", "name" : "https://www.securityfocus.com/bid/52280", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.securityfocus.com/bid/52280", "name" : "https://www.securityfocus.com/bid/52280", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apereo:phpcas:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-05T19:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1109", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-755" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/20", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/20", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1109", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1109", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/52577", "name" : "https://www.securityfocus.com/bid/52577", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/20", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/20", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.securityfocus.com/bid/52577", "name" : "https://www.securityfocus.com/bid/52577", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1109", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1109", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pediapress:mwlib:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.13.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-12T15:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1114", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/52255", "name" : "http://www.securityfocus.com/bid/52255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52255", "name" : "http://www.securityfocus.com/bid/52255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1114", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1114", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1114", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1114", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1114", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1114", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1114", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1114", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ldap-account-manager:ldap_account_manager:3.6:*:*:*:pro:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-05T21:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1115", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "name" : "http://www.openwall.com/lists/oss-security/2012/03/05/24", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "name" : "http://www.openwall.com/lists/oss-security/2012/03/12/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/52255", "name" : "http://www.securityfocus.com/bid/52255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52255", "name" : "http://www.securityfocus.com/bid/52255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1115", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1115", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1115", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1115", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74357", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74357", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74357", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74357", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1115", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1115", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1115", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1115", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ldap-account-manager:ldap_account_manager:3.6:*:*:*:pro:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-12-05T21:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1124", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2012/Mar/4", "name" : "http://seclists.org/fulldisclosure/2012/Mar/4", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2012/Mar/4", "name" : "http://seclists.org/fulldisclosure/2012/Mar/4", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109", "name" : "http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109", "name" : "http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.exploit-db.com/exploits/18549", "name" : "http://www.exploit-db.com/exploits/18549", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/18549", "name" : "http://www.exploit-db.com/exploits/18549", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/10", "name" : "http://www.openwall.com/lists/oss-security/2012/03/06/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/10", "name" : "http://www.openwall.com/lists/oss-security/2012/03/06/10", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/2", "name" : "http://www.openwall.com/lists/oss-security/2012/03/06/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/2", "name" : "http://www.openwall.com/lists/oss-security/2012/03/06/2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phxeventmanager_project:phxeventmanager:2.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-11T20:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1155", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1155", "name" : "https://access.redhat.com/security/cve/cve-2012-1155", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1155", "name" : "https://access.redhat.com/security/cve/cve-2012-1155", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1155", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1155", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1155", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1155", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198621", "name" : "https://moodle.org/mod/forum/discuss.php?d=198621", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198621", "name" : "https://moodle.org/mod/forum/discuss.php?d=198621", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1155", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1155", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1155", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1155", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.9", "versionEndExcluding" : "1.9.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0", "versionEndExcluding" : "2.0.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.1", "versionEndExcluding" : "2.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T16:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1156", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1156", "name" : "https://access.redhat.com/security/cve/cve-2012-1156", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1156", "name" : "https://access.redhat.com/security/cve/cve-2012-1156", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198623", "name" : "https://moodle.org/mod/forum/discuss.php?d=198623", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198623", "name" : "https://moodle.org/mod/forum/discuss.php?d=198623", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1156", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1156", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1156", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1156", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2 has users' private files included in course backups" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T16:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1157", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1157", "name" : "https://access.redhat.com/security/cve/cve-2012-1157", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1157", "name" : "https://access.redhat.com/security/cve/cve-2012-1157", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198624", "name" : "https://moodle.org/mod/forum/discuss.php?d=198624", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198624", "name" : "https://moodle.org/mod/forum/discuss.php?d=198624", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1157", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1157", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1157", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1157", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1158", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1158", "name" : "https://access.redhat.com/security/cve/cve-2012-1158", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1158", "name" : "https://access.redhat.com/security/cve/cve-2012-1158", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1158", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1158", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1158", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1158", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198627", "name" : "https://moodle.org/mod/forum/discuss.php?d=198627", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198627", "name" : "https://moodle.org/mod/forum/discuss.php?d=198627", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1158", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1158", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1158", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1158", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1159", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1159", "name" : "https://access.redhat.com/security/cve/cve-2012-1159", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1159", "name" : "https://access.redhat.com/security/cve/cve-2012-1159", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198628", "name" : "https://moodle.org/mod/forum/discuss.php?d=198628", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198628", "name" : "https://moodle.org/mod/forum/discuss.php?d=198628", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1159", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1159", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1159", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1159", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2: Overview report allows users to see hidden courses" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1160", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1160", "name" : "https://access.redhat.com/security/cve/cve-2012-1160", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1160", "name" : "https://access.redhat.com/security/cve/cve-2012-1160", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1160", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1160", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1160", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1160", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198629", "name" : "https://moodle.org/mod/forum/discuss.php?d=198629", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198629", "name" : "https://moodle.org/mod/forum/discuss.php?d=198629", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1160", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1160", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1160", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1160", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 2.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1161", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1161", "name" : "https://access.redhat.com/security/cve/cve-2012-1161", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1161", "name" : "https://access.redhat.com/security/cve/cve-2012-1161", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1161", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1161", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1161", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1161", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198630", "name" : "https://moodle.org/mod/forum/discuss.php?d=198630", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198630", "name" : "https://moodle.org/mod/forum/discuss.php?d=198630", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1161", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1161", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1161", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1161", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1168", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1168", "name" : "https://access.redhat.com/security/cve/cve-2012-1168", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1168", "name" : "https://access.redhat.com/security/cve/cve-2012-1168", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1168", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1168", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1168", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1168", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198622", "name" : "https://moodle.org/mod/forum/discuss.php?d=198622", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198622", "name" : "https://moodle.org/mod/forum/discuss.php?d=198622", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1168", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1168", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1168", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1168", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "LOW", "baseScore" : 8.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T16:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1169", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1169", "name" : "https://access.redhat.com/security/cve/cve-2012-1169", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1169", "name" : "https://access.redhat.com/security/cve/cve-2012-1169", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1169", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1169", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1169", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1169", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198625", "name" : "https://moodle.org/mod/forum/discuss.php?d=198625", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198625", "name" : "https://moodle.org/mod/forum/discuss.php?d=198625", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1169", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1169", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1169", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1169", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1170", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-354" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1170", "name" : "https://access.redhat.com/security/cve/cve-2012-1170", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1170", "name" : "https://access.redhat.com/security/cve/cve-2012-1170", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1170", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1170", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1170", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1170", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198632", "name" : "https://moodle.org/mod/forum/discuss.php?d=198632", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://moodle.org/mod/forum/discuss.php?d=198632", "name" : "https://moodle.org/mod/forum/discuss.php?d=198632", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1170", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1170", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1170", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1170", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-14T17:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1187", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-273" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/cve-2012-1187", "name" : "https://access.redhat.com/security/cve/cve-2012-1187", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1187", "name" : "https://access.redhat.com/security/cve/cve-2012-1187", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugs.bitlbee.org/ticket/852", "name" : "https://bugs.bitlbee.org/ticket/852", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.bitlbee.org/ticket/852", "name" : "https://bugs.bitlbee.org/ticket/852", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1187", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1187", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1187", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1187", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Bitlbee does not drop extra group privileges correctly in unix.c" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitlbee:bitlbee:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-10-29T19:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1257", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-319" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://developer.pidgin.im/ticket/14830", "name" : "http://developer.pidgin.im/ticket/14830", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://developer.pidgin.im/ticket/14830", "name" : "http://developer.pidgin.im/ticket/14830", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://pidgin.im/pipermail/devel/2011-December/010521.html", "name" : "http://pidgin.im/pipermail/devel/2011-December/010521.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://pidgin.im/pipermail/devel/2011-December/010521.html", "name" : "http://pidgin.im/pipermail/devel/2011-December/010521.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-20T20:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1258", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74824", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74824", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74824", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74824", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plixer:scrutinizer_netflow_\\&_sflow_analyzer:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.0.1.19899", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T20:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1259", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74826", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74826", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74826", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74826", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plixer:scrutinizer_netflow_\\&_sflow_analyzer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.6.2.16204", "versionEndExcluding" : "9.0.1.19899", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-09T20:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1260", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74825", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74825", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74825", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74825", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plixer:scrutinizer_netflow_\\&_sflow_analyzer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.6.2.16204", "versionEndExcluding" : "9.0.1.19899", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-09T20:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1261", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "name" : "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.exploit-db.com/exploits/18750", "name" : "http://www.exploit-db.com/exploits/18750", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52989", "name" : "http://www.securityfocus.com/bid/52989", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74827", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74827", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74827", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74827", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plixer:scrutinizer_netflow_\\&_sflow_analyzer:*:*:*:*:*:*:*:*", "versionEndIncluding" : "8.6.2.16204", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-09T20:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1316", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/52981", "name" : "http://www.securityfocus.com/bid/52981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52981", "name" : "http://www.securityfocus.com/bid/52981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.secureworks.com/research/transitive-trust", "name" : "https://www.secureworks.com/research/transitive-trust", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.secureworks.com/research/transitive-trust", "name" : "https://www.secureworks.com/research/transitive-trust", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:ironport_web_security_appliance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T14:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1326", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/52981", "name" : "http://www.securityfocus.com/bid/52981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52981", "name" : "http://www.securityfocus.com/bid/52981", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:ironport_web_security_appliance:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T14:15Z", "lastModifiedDate" : "2024-11-21T01:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1495", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "name" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "name" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html", "name" : "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html", "name" : "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html", "name" : "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html", "name" : "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/18775", "name" : "https://www.exploit-db.com/exploits/18775", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/18775", "name" : "https://www.exploit-db.com/exploits/18775", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T15:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1496", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "name" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "name" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Local file inclusion in WebCalendar before 1.2.5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T15:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1500", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html", "name" : "https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html", "name" : "https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/21052", "name" : "21052", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/21052", "name" : "21052", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:jira:4.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:greenhopper:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.9.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-13T17:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1501", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-12-11T12:18Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1534", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4167. Reason: This candidate is a reservation duplicate of CVE-2012-4167. Notes: All CVE users should reference CVE-2012-4167 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-08-21T23:55Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1544", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1876. Reason: This candidate is a duplicate of CVE-2012-1876. Notes: All CVE users should reference CVE-2012-1876 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-03-09T11:55Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1562", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-330" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://developer.joomla.org/security/news/394-20120304-core-password-change.html", "name" : "https://developer.joomla.org/security/news/394-20120304-core-password-change.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://developer.joomla.org/security/news/394-20120304-core-password-change.html", "name" : "https://developer.joomla.org/security/news/394-20120304-core-password-change.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Joomla! core before 2.5.3 allows unauthorized password change." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T13:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1563", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/11", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html", "name" : "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html", "name" : "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/41156/", "name" : "https://www.exploit-db.com/exploits/41156/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/41156/", "name" : "https://www.exploit-db.com/exploits/41156/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Joomla! before 2.5.3 allows Admin Account Creation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-15T13:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1566", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linuxmint:linuxmint:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2012-03-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-07T14:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1567", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "name" : "http://www.openwall.com/lists/oss-security/2012/03/19/14", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444", "name" : "https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444", "name" : "https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linuxmint:linuxmint:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2012-03-19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-07T14:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1572", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1572", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1572", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1572", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1572", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openstack:keystone:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-12T17:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1577", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-335" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16", "name" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16", "name" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/23/14", "name" : "http://www.openwall.com/lists/oss-security/2012/03/23/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/23/14", "name" : "http://www.openwall.com/lists/oss-security/2012/03/23/14", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://github.com/ensc/dietlibc/blob/master/CHANGES", "name" : "https://github.com/ensc/dietlibc/blob/master/CHANGES", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ensc/dietlibc/blob/master/CHANGES", "name" : "https://github.com/ensc/dietlibc/blob/master/CHANGES", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1577", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1577", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1577", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1577", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dietlibc_project:dietlibc:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-10T19:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1587", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4944. Reason: This candidate is a duplicate of CVE-2011-4944. Notes: All CVE users should reference CVE-2011-4944 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-08-27T23:55Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1592", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/03/28/12", "name" : "http://www.openwall.com/lists/oss-security/2012/03/28/12", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/03/28/12", "name" : "http://www.openwall.com/lists/oss-security/2012/03/28/12", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1592", "name" : "https://access.redhat.com/security/cve/cve-2012-1592", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/cve-2012-1592", "name" : "https://access.redhat.com/security/cve/cve-2012-1592", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E", "name" : "[struts-issues] 20200122 [jira] [Created] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E", "name" : "[struts-issues] 20200122 [jira] [Created] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E", "name" : "[struts-issues] 20200903 [jira] [Commented] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E", "name" : "[struts-issues] 20200903 [jira] [Commented] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E", "name" : "[struts-issues] 20200123 [jira] [Closed] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E", "name" : "[struts-issues] 20200123 [jira] [Closed] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", "refsource" : "", "tags" : [ ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1592", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1592", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2012-1592", "name" : "https://security-tracker.debian.org/tracker/CVE-2012-1592", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-05T21:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1609", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-07-09T13:15Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1615", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076873.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076873.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076873.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076873.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081113.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081113.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081113.html", "name" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081113.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/04/04/2", "name" : "http://www.openwall.com/lists/oss-security/2012/04/04/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/04/04/2", "name" : "http://www.openwall.com/lists/oss-security/2012/04/04/2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/52884", "name" : "http://www.securityfocus.com/bid/52884", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/52884", "name" : "http://www.securityfocus.com/bid/52884", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1615", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1615", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1615", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1615", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74655", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74655", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74655", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74655", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fedoraproject:sectool:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-12-06T16:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1619", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-16T20:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1637", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1", "name" : "http://www.openwall.com/lists/oss-security/2012/04/07/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1", "name" : "http://www.openwall.com/lists/oss-security/2012/04/07/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.drupal.org/node/1409476", "name" : "https://www.drupal.org/node/1409476", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.drupal.org/node/1409476", "name" : "https://www.drupal.org/node/1409476", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:quick_tabs:6.x-2.0:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:quick_tabs:6.x-3.0:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:quick_tabs:7.x-3.0:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:quick_tabs:7.x-3.1:*:*:*:*:drupal:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:drupal:quick_tabs:7.x-3.2:*:*:*:*:drupal:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-11-21T23:15Z", "lastModifiedDate" : "2024-11-21T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1869", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1871", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1883", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1884", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1903", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://web.archive.org/web/20160317182930/http://www.cloudscan.me/2013/03/cve-2012-1903-stored-xss-javascript.html", "name" : "https://web.archive.org/web/20160317182930/http://www.cloudscan.me/2013/03/cve-2012-1903-stored-xss-javascript.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://web.archive.org/web/20160317182930/http://www.cloudscan.me/2013/03/cve-2012-1903-stored-xss-javascript.html", "name" : "https://web.archive.org/web/20160317182930/http://www.cloudscan.me/2013/03/cve-2012-1903-stored-xss-javascript.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:telligent:community:5.6.583.20496:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-13T17:15Z", "lastModifiedDate" : "2024-11-21T01:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1913", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2012-03-28T10:55Z", "lastModifiedDate" : "2023-11-07T02:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1915", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/54620", "name" : "54620", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/54620", "name" : "54620", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-01-09T21:15Z", "lastModifiedDate" : "2024-11-21T01:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1932", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/111185/Wolf-CMS-0.75-Persistent-Cross-Site-Scripting.html", "name" : "https://packetstormsecurity.com/files/111185/Wolf-CMS-0.75-Persistent-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/111185/Wolf-CMS-0.75-Persistent-Cross-Site-Scripting.html", "name" : "https://packetstormsecurity.com/files/111185/Wolf-CMS-0.75-Persistent-Cross-Site-Scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wolfcms:wolf_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.7.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-02-19T15:15Z", "lastModifiedDate" : "2024-11-21T01:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-1994", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/53315", "name" : "http://www.securityfocus.com/bid/53315", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/53315", "name" : "http://www.securityfocus.com/bid/53315", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id?1026987", "name" : "http://www.securitytracker.com/id?1026987", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id?1026987", "name" : "http://www.securitytracker.com/id?1026987", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75294", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75294", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75294", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75294", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:systems_insight_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.1, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.7 }, "severity" : "LOW", "exploitabilityScore" : 5.1, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-02-10T16:15Z", "lastModifiedDate" : "2024-11-21T01:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2012-20001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://seclists.org/bugtraq/2012/Nov/1", "name" : "https://seclists.org/bugtraq/2012/Nov/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2012/Nov/1", "name" : "https://seclists.org/bugtraq/2012/Nov/1", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PrestaShop before 1.5.2 allows XSS via the \"