Vulnerability-Lookup

CVE-2012-0868 (GCVE-0-2012-0868)

Vulnerability from cvelistv5 – Published: 2012-07-18 23:00 – Updated: 2024-08-06 18:38

Summary

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.postgresql.org/about/news/1377/	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/49273	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0678.html	vendor-advisoryx_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.postgresql.org/docs/9.0/static/release…	x_refsource_CONFIRM
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://www.postgresql.org/docs/8.4/static/release…	x_refsource_CONFIRM
	http://www.debian.org/security/2012/dsa-2418	vendor-advisoryx_refsource_DEBIAN
	http://www.postgresql.org/docs/8.3/static/release…	x_refsource_CONFIRM
	http://secunia.com/advisories/49272	third-party-advisoryx_refsource_SECUNIA
	http://www.postgresql.org/docs/9.1/static/release…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-0677.html	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2012-0…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news/1377/"
          },
          {
            "name": "MDVSA-2012:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
          },
          {
            "name": "49273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49273"
          },
          {
            "name": "RHSA-2012:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
          },
          {
            "name": "MDVSA-2012:026",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
          },
          {
            "name": "DSA-2418",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2418"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
          },
          {
            "name": "49272",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
          },
          {
            "name": "RHSA-2012:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
          },
          {
            "name": "openSUSE-SU-2012:1173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news/1377/"
        },
        {
          "name": "MDVSA-2012:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
        },
        {
          "name": "49273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49273"
        },
        {
          "name": "RHSA-2012:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
        },
        {
          "name": "MDVSA-2012:026",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
        },
        {
          "name": "DSA-2418",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2418"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
        },
        {
          "name": "49272",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
        },
        {
          "name": "RHSA-2012:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
        },
        {
          "name": "openSUSE-SU-2012:1173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0868",
    "datePublished": "2012-07-18T23:00:00.000Z",
    "dateReserved": "2012-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:38:14.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-4X75-J285-XP55

Vulnerability from github – Published: 2022-05-17 03:23 – Updated: 2025-04-11 03:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-07-18T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.",
  "id": "GHSA-4x75-j285-xp55",
  "modified": "2025-04-11T03:59:33Z",
  "published": "2022-05-17T03:23:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0868"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49272"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49273"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2418"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
    },
    {
      "type": "WEB",
      "url": "http://www.postgresql.org/about/news/1377"
    },
    {
      "type": "WEB",
      "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
    },
    {
      "type": "WEB",
      "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
    },
    {
      "type": "WEB",
      "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2012-AVI-101

Vulnerability from certfr_avis - Published: 2012-02-28 - Updated: 2012-02-28

De multiples vulnérabilités ont été corrigées dans PostgreSQL, permettant notamment d'exécuter du code arbitraire à distance et de contourner la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans PostgreSQL :

les restrictions d'exécution des fonctions peuvent être contournées par les utilisateurs sous certaines conditions (CVE-2012-0866) ;
lorsque des certificats SSL sont utilisés, il est possible d'usurper un nom de machine si celui-ci fait exactement 32 caractères (CVE-2012-0867) ;
il est possible d'exécuter des commandes SQL via des noms d'objet spécifiques (CVE-2012-0868).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PostgreSQL	PostgreSQL	PostgreSQL versions 9.0.7 et antérieures ;
PostgreSQL	PostgreSQL	PostgreSQL versions 8.4.11 et antérieures ;
PostgreSQL	PostgreSQL	PostgreSQL versions 8.3.18 et antérieures.
PostgreSQL	PostgreSQL	PostgreSQL versions 9.1.3 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité PostgreSQL du 27 février 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PostgreSQL versions 9.0.7 et ant\u00e9rieures ;",
      "product": {
        "name": "PostgreSQL",
        "vendor": {
          "name": "PostgreSQL",
          "scada": false
        }
      }
    },
    {
      "description": "PostgreSQL versions 8.4.11 et ant\u00e9rieures ;",
      "product": {
        "name": "PostgreSQL",
        "vendor": {
          "name": "PostgreSQL",
          "scada": false
        }
      }
    },
    {
      "description": "PostgreSQL versions 8.3.18 et ant\u00e9rieures.",
      "product": {
        "name": "PostgreSQL",
        "vendor": {
          "name": "PostgreSQL",
          "scada": false
        }
      }
    },
    {
      "description": "PostgreSQL versions 9.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "PostgreSQL",
        "vendor": {
          "name": "PostgreSQL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PostgreSQL :\n\n-   les restrictions d\u0027ex\u00e9cution des fonctions peuvent \u00eatre contourn\u00e9es\n    par les utilisateurs sous certaines conditions (CVE-2012-0866) ;\n-   lorsque des certificats SSL sont utilis\u00e9s, il est possible d\u0027usurper\n    un nom de machine si celui-ci fait exactement 32 caract\u00e8res\n    (CVE-2012-0867) ;\n-   il est possible d\u0027ex\u00e9cuter des commandes SQL via des noms d\u0027objet\n    sp\u00e9cifiques (CVE-2012-0868).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
    },
    {
      "name": "CVE-2012-0867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0867"
    },
    {
      "name": "CVE-2012-0868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
    }
  ],
  "initial_release_date": "2012-02-28T00:00:00",
  "last_revision_date": "2012-02-28T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-101",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePostgreSQL\u003c/span\u003e, permettant notamment d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance et de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PostgreSQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PostgreSQL du 27 f\u00e9vrier 2012",
      "url": "http://www.postgresql.org/about/news/1377/"
    }
  ]
}

CERTFR-2025-AVI-0947

Vulnerability from certfr_avis - Published: 2025-10-31 - Updated: 2025-10-31

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.9.iFix005 pour Unix
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.4.x antérieures à 6.4.0.2.iFix004 pour Unix
IBM	QRadar	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14
IBM	QRadar Hub	Qradar Hub versions antérieures à 3.9.0
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5.iFix008 pour Unix
IBM	QRadar	QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP14

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7249678	2025-10-30	vendor-advisory
Bulletin de sécurité IBM 7249277	2025-10-27	vendor-advisory
Bulletin de sécurité IBM 7249661	2025-10-30	vendor-advisory
Bulletin de sécurité IBM 7249276	2025-10-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.9.iFix005 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.2.iFix004 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Qradar Hub versions ant\u00e9rieures \u00e0 3.9.0",
      "product": {
        "name": "QRadar Hub",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5.iFix008 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
    },
    {
      "name": "CVE-2025-54389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54389"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2022-26336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-38464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
    },
    {
      "name": "CVE-2025-38211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
    },
    {
      "name": "CVE-2023-45145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2025-38332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
    },
    {
      "name": "CVE-2025-8713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
    },
    {
      "name": "CVE-2025-36007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36007"
    },
    {
      "name": "CVE-2012-0868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2024-21096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21096"
    },
    {
      "name": "CVE-2019-10130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10130"
    },
    {
      "name": "CVE-2025-8714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-36137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36137"
    },
    {
      "name": "CVE-2025-40909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
    },
    {
      "name": "CVE-2025-38477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2025-8058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
    },
    {
      "name": "CVE-2017-7484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7484"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    }
  ],
  "initial_release_date": "2025-10-31T00:00:00",
  "last_revision_date": "2025-10-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0947",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-10-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249678",
      "url": "https://www.ibm.com/support/pages/node/7249678"
    },
    {
      "published_at": "2025-10-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249277",
      "url": "https://www.ibm.com/support/pages/node/7249277"
    },
    {
      "published_at": "2025-10-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249661",
      "url": "https://www.ibm.com/support/pages/node/7249661"
    },
    {
      "published_at": "2025-10-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7249276",
      "url": "https://www.ibm.com/support/pages/node/7249276"
    }
  ]
}

CERTFR-2015-AVI-431

Vulnerability from certfr_avis - Published: 2015-10-15 - Updated: 2015-10-15

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	QFabric 3100 Director versions 12.x
N/A	N/A	ScreenOS
N/A	N/A	CTPView 7.0R3
Juniper Networks	Junos OS	Juniper Junos OS

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10694 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10700 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10703 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10708 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10705 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10706 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10695 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10699 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10697 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10707 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10702 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10704 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10696 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10701 du 14 octobre 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QFabric 3100 Director versions 12.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView 7.0R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2011-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
    },
    {
      "name": "CVE-2013-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
    },
    {
      "name": "CVE-2012-3417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
    },
    {
      "name": "CVE-2014-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2014-8867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
    },
    {
      "name": "CVE-2015-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2009-3490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
    },
    {
      "name": "CVE-2012-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
    },
    {
      "name": "CVE-2010-3433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
    },
    {
      "name": "CVE-2012-5526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
    },
    {
      "name": "CVE-2010-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
    },
    {
      "name": "CVE-2014-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2007-6067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
    },
    {
      "name": "CVE-2010-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
    },
    {
      "name": "CVE-2014-8159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
    },
    {
      "name": "CVE-2010-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
    },
    {
      "name": "CVE-2013-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
    },
    {
      "name": "CVE-2015-1158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2010-4352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
    },
    {
      "name": "CVE-2015-7749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
    },
    {
      "name": "CVE-2011-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
    },
    {
      "name": "CVE-2010-1168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2014-6450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2008-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
    },
    {
      "name": "CVE-2012-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2011-1081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2012-3488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
    },
    {
      "name": "CVE-2015-5361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
    },
    {
      "name": "CVE-2013-6435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
    },
    {
      "name": "CVE-2010-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
    },
    {
      "name": "CVE-2012-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2014-6449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2014-6451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
    },
    {
      "name": "CVE-2012-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
    },
    {
      "name": "CVE-2014-4345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2013-6629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
    },
    {
      "name": "CVE-2014-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
    },
    {
      "name": "CVE-2013-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
    },
    {
      "name": "CVE-2012-0868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
    },
    {
      "name": "CVE-2007-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
    },
    {
      "name": "CVE-2010-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2015-7752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
    },
    {
      "name": "CVE-2010-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
    },
    {
      "name": "CVE-2014-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
    },
    {
      "name": "CVE-2014-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
    },
    {
      "name": "CVE-2007-4772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
    },
    {
      "name": "CVE-2013-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2015-1159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
    },
    {
      "name": "CVE-2011-2200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
    },
    {
      "name": "CVE-2015-7748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
    },
    {
      "name": "CVE-2015-7750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
    },
    {
      "name": "CVE-2015-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2008-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
    },
    {
      "name": "CVE-2010-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
    },
    {
      "name": "CVE-2014-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
    },
    {
      "name": "CVE-2011-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
    },
    {
      "name": "CVE-2014-6448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
    },
    {
      "name": "CVE-2011-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
    },
    {
      "name": "CVE-2010-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
    },
    {
      "name": "CVE-2009-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
    },
    {
      "name": "CVE-2009-4901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
    },
    {
      "name": "CVE-2010-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
    },
    {
      "name": "CVE-2010-4530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
    },
    {
      "name": "CVE-2011-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2014-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
    },
    {
      "name": "CVE-1999-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
    },
    {
      "name": "CVE-2010-4015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
    },
    {
      "name": "CVE-2011-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    },
    {
      "name": "CVE-2012-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
    },
    {
      "name": "CVE-2014-0066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    }
  ],
  "initial_release_date": "2015-10-15T00:00:00",
  "last_revision_date": "2015-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-431",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

GSD-2012-0868

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-0868

Aliases

CVE-2012-0868

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0868",
    "description": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.",
    "id": "GSD-2012-0868",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-0868.html",
      "https://www.debian.org/security/2012/dsa-2418",
      "https://access.redhat.com/errata/RHSA-2012:0678",
      "https://access.redhat.com/errata/RHSA-2012:0677",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-0868.html",
      "https://linux.oracle.com/cve/CVE-2012-0868.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0868"
      ],
      "details": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.",
      "id": "GSD-2012-0868",
      "modified": "2023-12-13T01:20:13.884644Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-0868",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
            "refsource": "MISC",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2012-0677.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2012-0678.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
          },
          {
            "name": "http://secunia.com/advisories/49272",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/49272"
          },
          {
            "name": "http://secunia.com/advisories/49273",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/49273"
          },
          {
            "name": "http://www.debian.org/security/2012/dsa-2418",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2012/dsa-2418"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
          },
          {
            "name": "http://www.postgresql.org/about/news/1377/",
            "refsource": "MISC",
            "url": "http://www.postgresql.org/about/news/1377/"
          },
          {
            "name": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html",
            "refsource": "MISC",
            "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
          },
          {
            "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html",
            "refsource": "MISC",
            "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
          },
          {
            "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html",
            "refsource": "MISC",
            "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
          },
          {
            "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html",
            "refsource": "MISC",
            "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0868"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2012:026",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
            },
            {
              "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
            },
            {
              "name": "MDVSA-2012:027",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
            },
            {
              "name": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
            },
            {
              "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
            },
            {
              "name": "RHSA-2012:0677",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
            },
            {
              "name": "RHSA-2012:0678",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
            },
            {
              "name": "DSA-2418",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2418"
            },
            {
              "name": "http://www.postgresql.org/about/news/1377/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.postgresql.org/about/news/1377/"
            },
            {
              "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
            },
            {
              "name": "openSUSE-SU-2012:1173",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
            },
            {
              "name": "49272",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49272"
            },
            {
              "name": "49273",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49273"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-08T03:02Z",
      "publishedDate": "2012-07-18T23:55Z"
    }
  }
}

FKIE_CVE-2012-0868

Vulnerability from fkie_nvd - Published: 2012-07-18 23:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0677.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0678.html
secalert@redhat.com	http://secunia.com/advisories/49272
secalert@redhat.com	http://secunia.com/advisories/49273
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2418
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
secalert@redhat.com	http://www.postgresql.org/about/news/1377/	Vendor Advisory
secalert@redhat.com	http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
secalert@redhat.com	http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
secalert@redhat.com	http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
secalert@redhat.com	http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0677.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0678.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49272
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49273
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2418
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
af854a3a-2127-422b-91ae-364da2661108	http://www.postgresql.org/about/news/1377/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
af854a3a-2127-422b-91ae-364da2661108	http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
af854a3a-2127-422b-91ae-364da2661108	http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
af854a3a-2127-422b-91ae-364da2661108	http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

Impacted products

Vendor	Product	Version
postgresql	postgresql	8.3
postgresql	postgresql	8.3.1
postgresql	postgresql	8.3.2
postgresql	postgresql	8.3.3
postgresql	postgresql	8.3.4
postgresql	postgresql	8.3.5
postgresql	postgresql	8.3.6
postgresql	postgresql	8.3.7
postgresql	postgresql	8.3.8
postgresql	postgresql	8.3.9
postgresql	postgresql	8.3.10
postgresql	postgresql	8.3.11
postgresql	postgresql	8.3.12
postgresql	postgresql	8.3.13
postgresql	postgresql	8.3.14
postgresql	postgresql	8.3.15
postgresql	postgresql	8.3.16
postgresql	postgresql	8.3.17
postgresql	postgresql	8.4
postgresql	postgresql	8.4.1
postgresql	postgresql	8.4.2
postgresql	postgresql	8.4.3
postgresql	postgresql	8.4.4
postgresql	postgresql	8.4.5
postgresql	postgresql	8.4.6
postgresql	postgresql	8.4.7
postgresql	postgresql	8.4.8
postgresql	postgresql	8.4.9
postgresql	postgresql	8.4.10
postgresql	postgresql	9.0
postgresql	postgresql	9.0.1
postgresql	postgresql	9.0.2
postgresql	postgresql	9.0.3
postgresql	postgresql	9.0.4
postgresql	postgresql	9.0.5
postgresql	postgresql	9.0.6
postgresql	postgresql	9.1
postgresql	postgresql	9.1.1
postgresql	postgresql	9.1.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C9F0AB-A125-4DCD-A02B-E04D4D95FB5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF13F89-F4C3-43EC-A36A-2F9283E923B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2631F09-73DD-4A28-8082-3939D89DDBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DDE9E7-EBF9-452B-8380-F9E87CF30ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BAE68CF-198D-4F01-92F3-4DED7E50ACA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF798CBC-C8BB-4F88-A927-B385A0DD8F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF8F568F-7D23-4553-95C5-C7C6B6584EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DB64EA-DE7B-4CA4-8121-90612409152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A932403-9187-471B-BE65-4B6907D57D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC6D76B-EF54-4F03-84BB-4CEAE31C4FFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C991F71-1E27-47A6-97DC-424FC3EF6011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5740C7AA-1772-41D8-9851-3E3669CD8521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "970338CD-A680-4DD0-BD27-459B0DDA4002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9E57FA-5EAE-4698-992D-146C6310E0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DF2937-9C51-4768-BAB1-901BCA636ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0EB754-7A71-40FA-9EAD-44914EB758C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1089D316-D5A3-4F2D-9E52-57FD626A1D06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB718D2-97AA-4D61-AA4B-2216EEF55F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "605C06BF-54A0-40F8-A01E-8641B4A83035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1F5B75-78D5-408E-8148-CA23DCED9CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F609DDE4-0858-4F83-B8E6-7870196E21CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "349F02AF-013E-4264-9717-010293A3D6E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF en pg_dump en PostgreSQL v8.3.x antes de v8.3.18, v8.4.x antes de v8.4.11, v9.0.x antes de v9.0.7 y v9.1.x antes de v9.1.3 permite a atacantes remotos asistida por el usuario ejecutar comandos SQL a trav\u00e9s de un archivo modificado que contiene los nombres de objeto con saltos de l\u00ednea que se insertan en una secuencia de comandos SQL que se utiliza cuando la base de datos se restaura."
    }
  ],
  "id": "CVE-2012-0868",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-07-18T23:55:01.873",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49272"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49273"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2418"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/about/news/1377/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0677.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/about/news/1377/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0868 (GCVE-0-2012-0868)

GHSA-4X75-J285-XP55

CERTA-2012-AVI-101

Description

Solution

CERTFR-2025-AVI-0947

Solutions

CERTFR-2015-AVI-431

Solution

GSD-2012-0868

FKIE_CVE-2012-0868

Tags

Sightings

Nomenclature