Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-0864 (GCVE-0-2012-0864)
Vulnerability from cvelistv5 – Published: 2013-05-02 14:00 – Updated: 2024-08-06 18:38
VLAI?
EPSS
Summary
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "52201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52201"
},
{
"name": "RHSA-2012:0393",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"name": "RHSA-2012:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-02T14:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "52201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52201"
},
{
"name": "RHSA-2012:0393",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"name": "RHSA-2012:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0864",
"datePublished": "2013-05-02T14:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-X2P4-F3VF-GWP3
Vulnerability from github – Published: 2022-05-17 05:10 – Updated: 2022-05-17 05:10
VLAI?
Details
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
{
"affected": [],
"aliases": [
"CVE-2012-0864"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-05-02T14:55:00Z",
"severity": "MODERATE"
},
"details": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.",
"id": "GHSA-x2p4-f3vf-gwp3",
"modified": "2022-05-17T05:10:42Z",
"published": "2022-05-17T05:10:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0864"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0393"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0397"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0488"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0531"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2012-0864"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"type": "WEB",
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"type": "WEB",
"url": "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"type": "WEB",
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"type": "WEB",
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/52201"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTA-2012-AVI-759
Vulnerability from certfr_avis - Published: 2012-12-21 - Updated: 2012-12-21
De multiples vulnérabilités ont été corrigées dans VMware vCenter Server Appliance et VMware ESXi. Elles concernent des téléchargement de fichiers arbitraires.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESXi 5.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi 4.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi 4.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server Appliance 5.1",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server Appliance 5.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi 5.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2012-3404",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3404"
},
{
"name": "CVE-2012-3406",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3406"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-3405",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3405"
},
{
"name": "CVE-2012-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2012-12-21T00:00:00",
"last_revision_date": "2012-12-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0018 du 20 d\u00e9cembre 2012 :",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
],
"reference": "CERTA-2012-AVI-759",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware vCenter Server Appliance\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eVMware ESXi\u003c/span\u003e. Elles concernent des t\u00e9l\u00e9chargement\nde fichiers arbitraires.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMSA-2012-0018 du 20 d\u00e9cembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-518
Vulnerability from certfr_avis - Published: 2012-09-24 - Updated: 2012-09-24
De multiples vulnérabilités ont été corrigées dans les produits Avaya. Les correctifs sont liés à la mise à jour de leurs systèmes Redhat.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| AVAYA | N/A | Avaya Aura Presence Services versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 6.x | ||
| AVAYA | N/A | Avaya Proactive Contact versions 5.x | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 7.x | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 5.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1 | ||
| AVAYA | N/A | Avaya IQ versions 5.x | ||
| AVAYA | N/A | Avaya Aura System Platform versions 1.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.0 | ||
| AVAYA | N/A | Avaya Aura Messaging versions 6.x | ||
| AVAYA | N/A | Avaya Aura System Platform versions 6.0.x | ||
| AVAYA | N/A | Avaya Aura System Manager versions 6.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1.1 | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1.2 | ||
| AVAYA | N/A | Avaya Aura SIP Enablement Services versions 5.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager version 6.2 | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 8.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 5.x | ||
| AVAYA | N/A | Avaya Aura System Manager versions 5.x | ||
| AVAYA | N/A | Avaya Aura Application Enablement Services versions 5.x | ||
| AVAYA | N/A | Avaya Aura Experience Portal versions 6.x | ||
| AVAYA | N/A | Avaya Meeting Exchange versions 5.x | ||
| AVAYA | N/A | Avaya Messaging Storage Server 5.2.x | ||
| AVAYA | N/A | Avaya Aura Conferencing Standard Edition versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 4.x | ||
| AVAYA | N/A | Avaya Aura Application Server 5300 | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 1.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager version 6.2.1 | ||
| AVAYA | N/A | Avaya Communication Server 1000 versions 7.x | ||
| AVAYA | N/A | Avaya Aura Application Enablement Services versions 6.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 6.0.x | ||
| AVAYA | N/A | Avaya Communication Server 1000 versions 6.x | ||
| AVAYA | N/A | Avaya Aura System Platform version 6.2 | ||
| AVAYA | N/A | Avaya Aura Communication Manager Utility Services versions 6.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 6.1.x |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Aura Presence Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Proactive Contact versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IQ versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform versions 1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Messaging versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform versions 6.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura SIP Enablement Services versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 8.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Enablement Services versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Experience Portal versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Meeting Exchange versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Messaging Storage Server 5.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Conferencing Standard Edition versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 4.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Server 5300",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager version 6.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Server 1000 versions 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Enablement Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 6.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Server 1000 versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager Utility Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 6.1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
},
{
"name": "CVE-2010-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
},
{
"name": "CVE-2011-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
},
{
"name": "CVE-2011-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
},
{
"name": "CVE-2011-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
},
{
"name": "CVE-2011-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
},
{
"name": "CVE-2011-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2011-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
},
{
"name": "CVE-2011-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4028"
},
{
"name": "CVE-2011-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
},
{
"name": "CVE-2011-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
},
{
"name": "CVE-2011-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
},
{
"name": "CVE-2012-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-2492",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
},
{
"name": "CVE-2011-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
},
{
"name": "CVE-2011-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
},
{
"name": "CVE-2011-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
},
{
"name": "CVE-2011-1576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
}
],
"initial_release_date": "2012-09-24T00:00:00",
"last_revision_date": "2012-09-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160780"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160023"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100162507"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160589"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100147390"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100141102"
}
],
"reference": "CERTA-2012-AVI-518",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eAvaya\u003c/span\u003e. Les correctifs sont li\u00e9s \u00e0 la mise \u00e0 jour\nde leurs syst\u00e8mes \u003cspan class=\"textit\"\u003eRedhat\u003c/span\u003e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 Avaya",
"url": null
}
]
}
CERTA-2013-AVI-146
Vulnerability from certfr_avis - Published: 2013-02-22 - Updated: 2013-02-22
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX version 4.0 | ||
| VMware | N/A | VMware ESX version 4.1 | ||
| VMware | vCenter Server | VMware vCenter Server version 5.1 | ||
| VMware | ESXi | VMware ESXi version 3.5 | ||
| VMware | ESXi | VMware ESXi version 5.0 | ||
| VMware | ESXi | VMware ESXi version 5.1 | ||
| VMware | N/A | VMware ESX version 3.5 | ||
| VMware | ESXi | VMware ESXi version 4.1 | ||
| VMware | ESXi | VMware ESXi version 4.0 | ||
| VMware | vCenter Server | VMware vCenter Server version 5.0 | ||
| VMware | N/A | VMware VirtualCenter version 4.0 | ||
| VMware | vCenter Server | VMware vCenter Server version 4.0 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 5.1",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 3.5",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 5.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware VirtualCenter version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 4.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2012-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-3404",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3404"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-1405",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1405"
},
{
"name": "CVE-2012-6324",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6324"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2012-3406",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3406"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-6326",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6326"
},
{
"name": "CVE-2013-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1659"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-3405",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3405"
},
{
"name": "CVE-2012-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
},
{
"name": "CVE-2012-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6325"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2013-02-22T00:00:00",
"last_revision_date": "2013-02-22T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
}
],
"reference": "CERTA-2013-AVI-146",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0018 du 21 f\u00e9vrier 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 du 21 f\u00e9vrier 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": null
}
]
}
CERTA-2012-AVI-479
Vulnerability from certfr_avis - Published: 2012-09-03 - Updated: 2012-09-03
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :
- Java Runtime Environment (JRE) ;
- OpenSSL ;
- le noyau ;
- Perl ;
- libxml2 ;
- glibc ;
- GnuTLS ;
- popt et rpm ;
- Apache struts.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX version 4.1 ; | ||
| VMware | N/A | VMware vCO version 4.0. | ||
| VMware | N/A | VMware vCenter version 5.0 ; | ||
| VMware | N/A | VMware vCOps version 1.0.x ; | ||
| VMware | ESXi | VMware ESXi version 3.5 ; | ||
| VMware | N/A | VMware Update Manager version 5.0 ; | ||
| VMware | N/A | VMware Update Manager version 4.0 ; | ||
| VMware | N/A | VMware vCO version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 4.1 ; | ||
| VMware | N/A | VMware vCenter version 4.0 ; | ||
| VMware | N/A | VMware vCenter version 4.1 ; | ||
| VMware | N/A | VMware vCOps version 5.0.2 ; | ||
| VMware | ESXi | VMware ESXi version 4.0 ; | ||
| VMware | N/A | VMware VirtualCenter version 2.5 ; | ||
| VMware | N/A | VMware Update Manager version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 5.0 ; | ||
| VMware | N/A | VMware ESX version 4.0 ; | ||
| VMware | N/A | VMware ESX version 3.5 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 1.0.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 3.5 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.1 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 5.0.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware VirtualCenter version 2.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1833"
},
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2011-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4132"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2012-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
},
{
"name": "CVE-2011-5057",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5057"
},
{
"name": "CVE-2010-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-2496",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2496"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2012-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
},
{
"name": "CVE-2011-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4324"
},
{
"name": "CVE-2011-4110",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4110"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2012-1583",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0060"
},
{
"name": "CVE-2012-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
},
{
"name": "CVE-2011-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4325"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0061"
},
{
"name": "CVE-2010-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2011-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3209"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2012-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0392"
},
{
"name": "CVE-2012-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
},
{
"name": "CVE-2012-0815",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0815"
},
{
"name": "CVE-2011-3188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
},
{
"name": "CVE-2011-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1020"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
},
{
"name": "CVE-2011-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4128"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2484"
},
{
"name": "CVE-2012-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0393"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2011-3363",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3363"
},
{
"name": "CVE-2011-2699",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2699"
},
{
"name": "CVE-2011-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2012-09-03T00:00:00",
"last_revision_date": "2012-09-03T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-479",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n- Java Runtime Environment (JRE) ;\n- OpenSSL ;\n- le noyau ;\n- Perl ;\n- libxml2 ;\n- glibc ;\n- GnuTLS ;\n- popt et rpm ;\n- Apache struts.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html"
}
]
}
FKIE_CVE-2012-0864
Vulnerability from fkie_nvd - Published: 2013-05-02 14:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD5D113-EF53-4690-92AC-B6E54D70AA9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en la funci\u00f3n vfprint en stdio-common/vfprint.c en glibc v2.14 y otras versiones que permite a isiarios dependientes del contexto eludir el mecanismo de protecci\u00f3n FORTIFY_SOURCE, llevar a cabo ataques de cadena de formato y escribir de forma arbitraria en memoria a trav\u00e9s de un gran n\u00famero de argumentos."
}
],
"id": "CVE-2012-0864",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-02T14:55:05.127",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"source": "secalert@redhat.com",
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52201"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2012-0864
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-0864",
"description": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.",
"id": "GSD-2012-0864",
"references": [
"https://www.suse.com/security/cve/CVE-2012-0864.html",
"https://access.redhat.com/errata/RHSA-2012:0531",
"https://access.redhat.com/errata/RHSA-2012:0488",
"https://access.redhat.com/errata/RHSA-2012:0397",
"https://access.redhat.com/errata/RHSA-2012:0393",
"https://alas.aws.amazon.com/cve/html/CVE-2012-0864.html",
"https://linux.oracle.com/cve/CVE-2012-0864.html",
"https://packetstormsecurity.com/files/cve/CVE-2012-0864"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-0864"
],
"details": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.",
"id": "GSD-2012-0864",
"modified": "2023-12-13T01:20:14.255732Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-0393.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-0397.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e",
"refsource": "MISC",
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"name": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html",
"refsource": "MISC",
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"name": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article",
"refsource": "MISC",
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
},
{
"name": "http://www.securityfocus.com/bid/52201",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/52201"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=794766",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0864"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
},
{
"name": "RHSA-2012:0531",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"name": "RHSA-2012:0488",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "RHSA-2012:0397",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"name": "52201",
"refsource": "BID",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52201"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=794766",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"name": "RHSA-2012:0393",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"name": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e",
"refsource": "MISC",
"tags": [],
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T03:28Z",
"publishedDate": "2013-05-02T14:55Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…