Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-2871 (GCVE-0-2012-2871)
Vulnerability from cvelistv5 – Published: 2012-08-31 19:00 – Updated: 2024-08-06 19:50
VLAI?
EPSS
Summary
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:04.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50838"
},
{
"name": "APPLE-SA-2013-10-22-8",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "DSA-2555",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "chrome-xsl-transforms-code-exec(78179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "54886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "openSUSE-SU-2012:1215",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"name": "MDVSA-2012:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"name": "APPLE-SA-2013-09-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "50838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50838"
},
{
"name": "APPLE-SA-2013-10-22-8",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "DSA-2555",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "chrome-xsl-transforms-code-exec(78179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "54886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "openSUSE-SU-2012:1215",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"name": "MDVSA-2012:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"name": "APPLE-SA-2013-09-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50838"
},
{
"name": "APPLE-SA-2013-10-22-8",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "DSA-2555",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=138673",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"name": "http://support.apple.com/kb/HT6001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "chrome-xsl-transforms-code-exec(78179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "openSUSE-SU-2012:1215",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"name": "https://chromiumcodereview.appspot.com/10824157",
"refsource": "CONFIRM",
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"name": "MDVSA-2012:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2012-2871",
"datePublished": "2012-08-31T19:00:00.000Z",
"dateReserved": "2012-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:04.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2014-AVI-041
Vulnerability from certfr_avis - Published: 2014-01-24 - Updated: 2014-01-24
De multiples vulnérabilités ont été corrigées dans Apple iTunes. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple iTunes versions antérieures à 11.1.4
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApple iTunes versions ant\u00e9rieures \u00e0 11.1.4\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2013-1045",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
},
{
"name": "CVE-2013-1040",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
},
{
"name": "CVE-2013-1047",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2013-1042",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-1043",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
},
{
"name": "CVE-2013-1037",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1024"
},
{
"name": "CVE-2013-5125",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
},
{
"name": "CVE-2013-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
},
{
"name": "CVE-2014-1242",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1242"
},
{
"name": "CVE-2013-5128",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
},
{
"name": "CVE-2013-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
},
{
"name": "CVE-2013-5126",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
},
{
"name": "CVE-2013-1039",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2013-1038",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
},
{
"name": "CVE-2013-1046",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
},
{
"name": "CVE-2013-5127",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2013-1041",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2014-01-24T00:00:00",
"last_revision_date": "2014-01-24T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-041",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iTunes\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6001 du 22 janvier 2014",
"url": "http://support.apple.com/kb/HT6001"
}
]
}
CERTA-2013-AVI-088
Vulnerability from certfr_avis - Published: 2013-02-04 - Updated: 2013-02-04
De multiples vulnérabilités ont été corrigées dans VMware vSphere. Plusieurs composants tiers ont été corrigés comme libxml2, bind et xslt. La vulnérabilité la plus critique permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX versions antérieures à 4.1 mise à jour ESX410-201301401-SG | ||
| VMware | ESXi | VMware ESXi versions antérieures à 4.1 mise à jour ESXi410-201301401-SG | ||
| VMware | vCenter Server | VMware vCenter Server versions antérieures à 4.1 mise à jour 3a | ||
| VMware | N/A | VMware vCenter Client versions antérieures à 4.1 mise à jour 3a |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX versions ant\u00e9rieures \u00e0 4.1 mise \u00e0 jour ESX410-201301401-SG",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions ant\u00e9rieures \u00e0 4.1 mise \u00e0 jour ESXi410-201301401-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions ant\u00e9rieures \u00e0 4.1 mise \u00e0 jour 3a",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Client versions ant\u00e9rieures \u00e0 4.1 mise \u00e0 jour 3a",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-1405",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1405"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2013-02-04T00:00:00",
"last_revision_date": "2013-02-04T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0001 du 31 janvier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
}
],
"reference": "CERTA-2013-AVI-088",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware vSphere\u003c/span\u003e. Plusieurs composants tiers ont \u00e9t\u00e9\ncorrig\u00e9s comme \u003cspan class=\"textit\"\u003elibxml2\u003c/span\u003e, \u003cspan\nclass=\"textit\"\u003ebind\u003c/span\u003e et \u003cspan class=\"textit\"\u003exslt\u003c/span\u003e. La\nvuln\u00e9rabilit\u00e9 la plus critique permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware vSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0001 du 31 janvier 2013",
"url": null
}
]
}
CERTFR-2014-AVI-112
Vulnerability from certfr_avis - Published: 2014-03-10 - Updated: 2014-03-10
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-5718",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5718"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2013-4123",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4123"
},
{
"name": "CVE-2013-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5745"
},
{
"name": "CVE-2013-4231",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4231"
},
{
"name": "CVE-2006-4810",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4810"
},
{
"name": "CVE-2013-4164",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4408"
},
{
"name": "CVE-2014-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0397"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2013-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1418"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-6150",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6150"
},
{
"name": "CVE-2013-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5717"
},
{
"name": "CVE-2013-6340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6340"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-6337",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6337"
},
{
"name": "CVE-2013-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0900"
},
{
"name": "CVE-2013-6339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6339"
},
{
"name": "CVE-2013-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4363"
},
{
"name": "CVE-2013-5721",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5721"
},
{
"name": "CVE-2007-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
},
{
"name": "CVE-2008-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0386"
},
{
"name": "CVE-2012-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4504"
},
{
"name": "CVE-2012-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2893"
},
{
"name": "CVE-2012-4505",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4505"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2013-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4287"
},
{
"name": "CVE-2009-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0179"
},
{
"name": "CVE-2013-6338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6338"
},
{
"name": "CVE-2013-6336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6336"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4124",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4124"
},
{
"name": "CVE-2013-7112",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7112"
},
{
"name": "CVE-2013-2561",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2561"
},
{
"name": "CVE-2014-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0591"
},
{
"name": "CVE-2013-5719",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5719"
},
{
"name": "CVE-2013-7114",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7114"
},
{
"name": "CVE-2013-1417",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1417"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2013-5722",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5722"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2012-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0870"
},
{
"name": "CVE-2013-5720",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5720"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
},
{
"name": "CVE-2013-4475",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4475"
}
],
"initial_release_date": "2014-03-10T00:00:00",
"last_revision_date": "2014-03-10T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-112",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 25 f\u00e9vrier 2014",
"url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html"
}
]
}
CERTFR-2014-AVI-193
Vulnerability from certfr_avis - Published: 2014-04-17 - Updated: 2014-04-17
De multiples vulnérabilités ont été corrigées dans Xerox FreeFlow Print Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xerox FreeFlow Print Server version 7",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Xerox FreeFlow Print Server version 8",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Xerox FreeFlow Print Server version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0417"
},
{
"name": "CVE-2013-5910",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5910"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2014-0403",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0403"
},
{
"name": "CVE-2014-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2014-0424",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0424"
},
{
"name": "CVE-2014-0422",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0422"
},
{
"name": "CVE-2013-5884",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5884"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-5907",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5907"
},
{
"name": "CVE-2013-5898",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5898"
},
{
"name": "CVE-2014-0387",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0387"
},
{
"name": "CVE-2007-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
},
{
"name": "CVE-2012-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2893"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2013-5821",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5821"
},
{
"name": "CVE-2014-0410",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0410"
},
{
"name": "CVE-2013-5888",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5888"
},
{
"name": "CVE-2014-0376",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0376"
},
{
"name": "CVE-2013-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5889"
},
{
"name": "CVE-2014-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0416"
},
{
"name": "CVE-2013-5899",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5899"
},
{
"name": "CVE-2013-4124",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4124"
},
{
"name": "CVE-2013-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5878"
},
{
"name": "CVE-2013-5906",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5906"
},
{
"name": "CVE-2014-0373",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0373"
},
{
"name": "CVE-2013-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5905"
},
{
"name": "CVE-2014-0418",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0418"
},
{
"name": "CVE-2014-0415",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0415"
},
{
"name": "CVE-2014-0428",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0428"
},
{
"name": "CVE-2014-0375",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0375"
},
{
"name": "CVE-2014-0390",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0390"
},
{
"name": "CVE-2014-0368",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0368"
},
{
"name": "CVE-2013-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5887"
},
{
"name": "CVE-2013-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5872"
},
{
"name": "CVE-2013-5902",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5902"
},
{
"name": "CVE-2013-5896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5896"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
},
{
"name": "CVE-2013-4475",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4475"
}
],
"initial_release_date": "2014-04-17T00:00:00",
"last_revision_date": "2014-04-17T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-193",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXerox FreeFlow Print Server\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xerox FreeFlow Print Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xerox XRX14-002 du 18 f\u00e9vrier 2014",
"url": "http://www.xerox.com/download/security/security-bulletin/10be6-4f72fbafb1868/cert_XRX14-002_v1.0.pdf"
}
]
}
CERTA-2014-AVI-008
Vulnerability from certfr_avis - Published: 2014-01-10 - Updated: 2014-01-10
De multiples vulnérabilités ont été corrigées dans Avaya Experience Portal. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Avaya Experience Portal versions antérieures à 7.0
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eAvaya Experience Portal versions ant\u00e9rieures \u00e0 7.0\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
},
{
"name": "CVE-2012-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3511"
},
{
"name": "CVE-2012-4405",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4405"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-3400",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3400"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-2133",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2133"
},
{
"name": "CVE-2012-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
},
{
"name": "CVE-2012-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1568"
},
{
"name": "CVE-2012-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2893"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2012-3489",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3489"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2014-01-10T00:00:00",
"last_revision_date": "2014-01-10T00:00:00",
"links": [],
"reference": "CERTA-2014-AVI-008",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Experience Portal\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Experience Portal",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-482 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167760"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2013-041 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100169684"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-479 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167733"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-448 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167395"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-371 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100166061"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-444 du 08 janvier 2014",
"url": "https://downloads.avaya.com/css/P8/documents/100167374"
}
]
}
CERTA-2013-AVI-605
Vulnerability from certfr_avis - Published: 2013-10-24 - Updated: 2013-10-24
De multiples vulnérabilités ont été corrigées dans Apple iTunes. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à iTunes 11.1.2
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 iTunes 11.1.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2013-1045",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
},
{
"name": "CVE-2013-1040",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
},
{
"name": "CVE-2013-1047",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2013-1042",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-1043",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
},
{
"name": "CVE-2013-1037",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1024"
},
{
"name": "CVE-2013-5125",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
},
{
"name": "CVE-2013-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
},
{
"name": "CVE-2013-5128",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
},
{
"name": "CVE-2013-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
},
{
"name": "CVE-2013-5126",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
},
{
"name": "CVE-2013-1039",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2013-1038",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
},
{
"name": "CVE-2013-1046",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
},
{
"name": "CVE-2013-5127",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2013-1041",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2013-10-24T00:00:00",
"last_revision_date": "2013-10-24T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-605",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iTunes\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6001 du 22 octobre 2013",
"url": "http://support.apple.com/kb/HT6001"
}
]
}
CERTA-2013-AVI-145
Vulnerability from certfr_avis - Published: 2013-02-21 - Updated: 2013-02-21
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Oracle Solaris versions antérieures à 11.1.4.5
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eOracle Solaris versions ant\u00e9rieures \u00e0 11.1.4.5\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
},
{
"name": "CVE-2012-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
},
{
"name": "CVE-2012-3403",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3403"
},
{
"name": "CVE-2012-4431",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2893"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2012-3481",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3481"
},
{
"name": "CVE-2012-4534",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
},
{
"name": "CVE-2012-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2012-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2013-02-21T00:00:00",
"last_revision_date": "2013-02-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Solaris pour libxslt du 19 f\u00e9vrier 2013",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libxslt"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Solaris pour Apache Tomcat du 19 f\u00e9vrier 2013",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Solaris pour Gimp du 19 f\u00e9vrier 2013",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gimp"
}
],
"reference": "CERTA-2013-AVI-145",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 19 f\u00e9vrier 2013",
"url": "https://blogs.oracle.com/sunsecurity/"
}
]
}
CERTA-2013-AVI-146
Vulnerability from certfr_avis - Published: 2013-02-22 - Updated: 2013-02-22
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX version 4.0 | ||
| VMware | N/A | VMware ESX version 4.1 | ||
| VMware | vCenter Server | VMware vCenter Server version 5.1 | ||
| VMware | ESXi | VMware ESXi version 3.5 | ||
| VMware | ESXi | VMware ESXi version 5.0 | ||
| VMware | ESXi | VMware ESXi version 5.1 | ||
| VMware | N/A | VMware ESX version 3.5 | ||
| VMware | ESXi | VMware ESXi version 4.1 | ||
| VMware | ESXi | VMware ESXi version 4.0 | ||
| VMware | vCenter Server | VMware vCenter Server version 5.0 | ||
| VMware | N/A | VMware VirtualCenter version 4.0 | ||
| VMware | vCenter Server | VMware vCenter Server version 4.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 5.1",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 3.5",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 5.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware VirtualCenter version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 4.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2012-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-3404",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3404"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-1405",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1405"
},
{
"name": "CVE-2012-6324",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6324"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2012-3406",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3406"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-6326",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6326"
},
{
"name": "CVE-2013-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1659"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-3405",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3405"
},
{
"name": "CVE-2012-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
},
{
"name": "CVE-2012-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6325"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2013-02-22T00:00:00",
"last_revision_date": "2013-02-22T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
}
],
"reference": "CERTA-2013-AVI-146",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0018 du 21 f\u00e9vrier 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 du 21 f\u00e9vrier 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": null
}
]
}
CERTA-2012-AVI-476
Vulnerability from certfr_avis - Published: 2012-08-31 - Updated: 2012-08-31
Huit vulnérabilités ont été corrigées dans Google Chrome. Elles concernent entre autres des accès concurrents en mémoire, des lectures de données non permises et des problèmes dans le traitement des transformations XSL.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à Google Chrome 21.0.1180.89.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Google Chrome 21.0.1180.89.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2869"
},
{
"name": "CVE-2012-2865",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2865"
},
{
"name": "CVE-2012-2866",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2866"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2868"
},
{
"name": "CVE-2012-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2867"
},
{
"name": "CVE-2012-2872",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2872"
}
],
"initial_release_date": "2012-08-31T00:00:00",
"last_revision_date": "2012-08-31T00:00:00",
"links": [
{
"title": "Note de version Google Chrome du 30 ao\u00fbt 2012 :",
"url": "http://googlechromereleases.blogspot.fr/2012/08/stable-channel-update_30.html"
}
],
"reference": "CERTA-2012-AVI-476",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Huit vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eGoogle\nChrome\u003c/span\u003e. Elles concernent entre autres des acc\u00e8s concurrents en\nm\u00e9moire, des lectures de donn\u00e9es non permises et des probl\u00e8mes dans le\ntraitement des transformations \u003cspan class=\"textit\"\u003eXSL\u003c/span\u003e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 30 ao\u00fbt 2012",
"url": null
}
]
}
CERTA-2013-AVI-536
Vulnerability from certfr_avis - Published: 2013-09-19 - Updated: 2013-09-19
De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à iOS 7
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 iOS 7\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-0993",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0993"
},
{
"name": "CVE-2013-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1006"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2013-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5129"
},
{
"name": "CVE-2013-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0998"
},
{
"name": "CVE-2013-5150",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5150"
},
{
"name": "CVE-2013-1045",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
},
{
"name": "CVE-2013-1040",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
},
{
"name": "CVE-2013-2848",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2848"
},
{
"name": "CVE-2013-1047",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
},
{
"name": "CVE-2013-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5147"
},
{
"name": "CVE-2013-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1001"
},
{
"name": "CVE-2013-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1012"
},
{
"name": "CVE-2013-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3954"
},
{
"name": "CVE-2013-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4616"
},
{
"name": "CVE-2013-1019",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1019"
},
{
"name": "CVE-2013-5140",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5140"
},
{
"name": "CVE-2013-1005",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1005"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2013-5152",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5152"
},
{
"name": "CVE-2013-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0992"
},
{
"name": "CVE-2013-1042",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
},
{
"name": "CVE-2013-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5154"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0994"
},
{
"name": "CVE-2013-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1010"
},
{
"name": "CVE-2013-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5134"
},
{
"name": "CVE-2013-0879",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0879"
},
{
"name": "CVE-2013-0926",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0926"
},
{
"name": "CVE-2013-5157",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5157"
},
{
"name": "CVE-2013-5158",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5158"
},
{
"name": "CVE-2013-1043",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
},
{
"name": "CVE-2013-1007",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1007"
},
{
"name": "CVE-2013-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0995"
},
{
"name": "CVE-2013-1037",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-1036",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1036"
},
{
"name": "CVE-2013-0957",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0957"
},
{
"name": "CVE-2013-5153",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5153"
},
{
"name": "CVE-2013-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1025"
},
{
"name": "CVE-2013-1028",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1028"
},
{
"name": "CVE-2013-0991",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0991"
},
{
"name": "CVE-2013-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1000"
},
{
"name": "CVE-2013-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5156"
},
{
"name": "CVE-2013-5125",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
},
{
"name": "CVE-2013-5159",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5159"
},
{
"name": "CVE-2013-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
},
{
"name": "CVE-2013-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1008"
},
{
"name": "CVE-2013-1003",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1003"
},
{
"name": "CVE-2013-5128",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
},
{
"name": "CVE-2013-1004",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1004"
},
{
"name": "CVE-2013-5145",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5145"
},
{
"name": "CVE-2013-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
},
{
"name": "CVE-2013-5142",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5142"
},
{
"name": "CVE-2013-5126",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
},
{
"name": "CVE-2013-1039",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
},
{
"name": "CVE-2013-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1002"
},
{
"name": "CVE-2013-5155",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5155"
},
{
"name": "CVE-2013-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0996"
},
{
"name": "CVE-2013-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5131"
},
{
"name": "CVE-2013-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3953"
},
{
"name": "CVE-2013-5141",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5141"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2013-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0997"
},
{
"name": "CVE-2013-5139",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
},
{
"name": "CVE-2013-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3950"
},
{
"name": "CVE-2013-1038",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
},
{
"name": "CVE-2013-5151",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5151"
},
{
"name": "CVE-2013-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0999"
},
{
"name": "CVE-2013-1026",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1026"
},
{
"name": "CVE-2013-1046",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
},
{
"name": "CVE-2013-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3955"
},
{
"name": "CVE-2013-5127",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2013-5149",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5149"
},
{
"name": "CVE-2013-5138",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5138"
},
{
"name": "CVE-2011-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
},
{
"name": "CVE-2013-1041",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
},
{
"name": "CVE-2013-5137",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5137"
}
],
"initial_release_date": "2013-09-19T00:00:00",
"last_revision_date": "2013-09-19T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-536",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5934 du 18 septembre 2013",
"url": "http://support.apple.com/kb/HT5934"
}
]
}
CERTFR-2023-AVI-0499
Vulnerability from certfr_avis - Published: 2023-06-30 - Updated: 2023-06-30
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.2.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2019-19317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
},
{
"name": "CVE-2020-24977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-9596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9596"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"name": "CVE-2019-19244",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2017-1000381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000381"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-23395",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23395"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2019-19926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2020-35525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35525"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2013-1969",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1969"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2010-4494",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2019-19925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2019-19924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2019-13117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13117"
},
{
"name": "CVE-2019-20218",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20218"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2019-19242",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2016-2073",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2073"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2015-7941",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7941"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-8710",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8710"
},
{
"name": "CVE-2019-19880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2021-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3672"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2021-31239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31239"
},
{
"name": "CVE-2016-9598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9598"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2019-13118",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13118"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2016-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3709"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2016-9597",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9597"
},
{
"name": "CVE-2015-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8806"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2021-30560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2019-19923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2019-5815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5815"
},
{
"name": "CVE-2019-19959",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19959"
},
{
"name": "CVE-2019-19603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2020-35527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35527"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2016-4483",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
}
],
"initial_release_date": "2023-06-30T00:00:00",
"last_revision_date": "2023-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0499",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nNetwork Monitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-23 du 29 juin 2023",
"url": "https://www.tenable.com/security/tns-2023-23"
}
]
}
CERTA-2013-AVI-541
Vulnerability from certfr_avis - Published: 2013-09-23 - Updated: 2013-09-23
De multiples vulnérabilités ont été corrigées dans Apple TV. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple TV versions antérieures à 6.0
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApple TV versions ant\u00e9rieures \u00e0 6.0\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-0993",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0993"
},
{
"name": "CVE-2013-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1006"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2013-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0998"
},
{
"name": "CVE-2013-1045",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
},
{
"name": "CVE-2013-1040",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
},
{
"name": "CVE-2013-1047",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
},
{
"name": "CVE-2013-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1001"
},
{
"name": "CVE-2013-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3954"
},
{
"name": "CVE-2013-1019",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1019"
},
{
"name": "CVE-2013-5140",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5140"
},
{
"name": "CVE-2013-1005",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1005"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2013-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0992"
},
{
"name": "CVE-2013-1042",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0994"
},
{
"name": "CVE-2013-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1010"
},
{
"name": "CVE-2013-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5134"
},
{
"name": "CVE-2013-0879",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0879"
},
{
"name": "CVE-2013-1043",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
},
{
"name": "CVE-2013-1007",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1007"
},
{
"name": "CVE-2013-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0995"
},
{
"name": "CVE-2013-1037",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1025"
},
{
"name": "CVE-2013-0991",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0991"
},
{
"name": "CVE-2013-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1000"
},
{
"name": "CVE-2013-5125",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
},
{
"name": "CVE-2013-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
},
{
"name": "CVE-2013-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1008"
},
{
"name": "CVE-2013-1003",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1003"
},
{
"name": "CVE-2013-5128",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
},
{
"name": "CVE-2013-1004",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1004"
},
{
"name": "CVE-2013-5145",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5145"
},
{
"name": "CVE-2013-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
},
{
"name": "CVE-2013-5142",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5142"
},
{
"name": "CVE-2013-5126",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
},
{
"name": "CVE-2013-1039",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
},
{
"name": "CVE-2013-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1002"
},
{
"name": "CVE-2013-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0996"
},
{
"name": "CVE-2013-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3953"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2013-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0997"
},
{
"name": "CVE-2013-5139",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
},
{
"name": "CVE-2013-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3950"
},
{
"name": "CVE-2013-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1011"
},
{
"name": "CVE-2013-1038",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
},
{
"name": "CVE-2013-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0999"
},
{
"name": "CVE-2013-1026",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1026"
},
{
"name": "CVE-2013-1046",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
},
{
"name": "CVE-2013-5127",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2013-5138",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5138"
},
{
"name": "CVE-2011-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
},
{
"name": "CVE-2013-1041",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2013-09-23T00:00:00",
"last_revision_date": "2013-09-23T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-541",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-09-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple TV\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple TV",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5935 du 19 septembre 2013",
"url": "http://support.apple.com/kb/HT5935"
}
]
}
GSD-2012-2871
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-2871",
"description": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.",
"id": "GSD-2012-2871",
"references": [
"https://www.suse.com/security/cve/CVE-2012-2871.html",
"https://www.debian.org/security/2012/dsa-2555",
"https://access.redhat.com/errata/RHSA-2012:1265",
"https://alas.aws.amazon.com/cve/html/CVE-2012-2871.html",
"https://linux.oracle.com/cve/CVE-2012-2871.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-2871"
],
"details": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.",
"id": "GSD-2012-2871",
"modified": "2023-12-13T01:20:16.655352Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50838"
},
{
"name": "APPLE-SA-2013-10-22-8",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "DSA-2555",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=138673",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"name": "http://support.apple.com/kb/HT6001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "chrome-xsl-transforms-code-exec(78179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "openSUSE-SU-2012:1215",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"name": "https://chromiumcodereview.appspot.com/10824157",
"refsource": "CONFIRM",
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"name": "MDVSA-2012:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,2.9.0]",
"affected_versions": "All versions up to 2.9.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2017-08-29",
"description": "libxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.",
"fixed_versions": [],
"identifier": "CVE-2012-2871",
"identifiers": [
"CVE-2012-2871"
],
"not_impacted": "",
"package_slug": "nuget/libxml2",
"pubdate": "2012-08-31",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-2871"
],
"uuid": "29a1f2d1-5d16-476f-92da-c9bc6df69dbb"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.81:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.0.1180.88",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.84:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.85:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:*:rc1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.82:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.87:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2871"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=138673",
"refsource": "CONFIRM",
"tags": [],
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log",
"refsource": "CONFIRM",
"tags": [],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"name": "https://chromiumcodereview.appspot.com/10824157",
"refsource": "CONFIRM",
"tags": [],
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930",
"refsource": "CONFIRM",
"tags": [],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "DSA-2555",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"name": "openSUSE-SU-2012:1215",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"name": "50838",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/50838"
},
{
"name": "MDVSA-2012:164",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/54886"
},
{
"name": "APPLE-SA-2013-10-22-8",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "http://support.apple.com/kb/HT6001",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "chrome-xsl-transforms-code-exec(78179)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-08-29T01:31Z",
"publishedDate": "2012-08-31T19:55Z"
}
}
}
GHSA-259F-5JP2-PGMR
Vulnerability from github – Published: 2022-05-17 01:45 – Updated: 2022-05-17 01:45
VLAI?
Details
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
{
"affected": [],
"aliases": [
"CVE-2012-2871"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-31T19:55:00Z",
"severity": "MODERATE"
},
"details": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.",
"id": "GHSA-259f-5jp2-pgmr",
"modified": "2022-05-17T01:45:17Z",
"published": "2022-05-17T01:45:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2871"
},
{
"type": "WEB",
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/50838"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/54886"
},
{
"type": "WEB",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"type": "WEB",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5934"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6001"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2012-2871
Vulnerability from fkie_nvd - Published: 2012-08-31 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
References
| URL | Tags | ||
|---|---|---|---|
| chrome-cve-admin@google.com | http://code.google.com/p/chromium/issues/detail?id=138673 | ||
| chrome-cve-admin@google.com | http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html | ||
| chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html | ||
| chrome-cve-admin@google.com | http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html | ||
| chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html | ||
| chrome-cve-admin@google.com | http://secunia.com/advisories/50838 | ||
| chrome-cve-admin@google.com | http://secunia.com/advisories/54886 | ||
| chrome-cve-admin@google.com | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276&r2=149930 | ||
| chrome-cve-admin@google.com | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log | ||
| chrome-cve-admin@google.com | http://support.apple.com/kb/HT5934 | ||
| chrome-cve-admin@google.com | http://support.apple.com/kb/HT6001 | ||
| chrome-cve-admin@google.com | http://www.debian.org/security/2012/dsa-2555 | ||
| chrome-cve-admin@google.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 | ||
| chrome-cve-admin@google.com | https://chromiumcodereview.appspot.com/10824157 | ||
| chrome-cve-admin@google.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/78179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/chromium/issues/detail?id=138673 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50838 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54886 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276&r2=149930 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5934 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT6001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2555 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://chromiumcodereview.appspot.com/10824157 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/78179 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | 3.0 | |
| apple | iphone_os | 3.0.1 | |
| apple | iphone_os | 3.1 | |
| apple | iphone_os | 3.1.2 | |
| apple | iphone_os | 3.1.3 | |
| apple | iphone_os | 3.2 | |
| apple | iphone_os | 3.2.1 | |
| apple | iphone_os | 3.2.2 | |
| apple | iphone_os | 4.0 | |
| apple | iphone_os | 4.0.1 | |
| apple | iphone_os | 4.0.2 | |
| apple | iphone_os | 4.1 | |
| apple | iphone_os | 4.2.1 | |
| apple | iphone_os | 4.2.5 | |
| apple | iphone_os | 4.2.8 | |
| apple | iphone_os | 4.3.0 | |
| apple | iphone_os | 4.3.1 | |
| apple | iphone_os | 4.3.2 | |
| apple | iphone_os | 4.3.3 | |
| apple | iphone_os | 4.3.5 | |
| apple | iphone_os | 5.0 | |
| apple | iphone_os | 5.0.1 | |
| apple | iphone_os | 5.1 | |
| apple | iphone_os | 5.1.1 | |
| apple | iphone_os | 6.0 | |
| apple | iphone_os | 6.0.1 | |
| apple | iphone_os | 6.0.2 | |
| apple | iphone_os | 6.1 | |
| apple | iphone_os | 6.1.2 | |
| apple | iphone_os | 6.1.3 | |
| chrome | * | ||
| chrome | 21.0.1180.0 | ||
| chrome | 21.0.1180.1 | ||
| chrome | 21.0.1180.2 | ||
| chrome | 21.0.1180.31 | ||
| chrome | 21.0.1180.32 | ||
| chrome | 21.0.1180.33 | ||
| chrome | 21.0.1180.34 | ||
| chrome | 21.0.1180.35 | ||
| chrome | 21.0.1180.36 | ||
| chrome | 21.0.1180.37 | ||
| chrome | 21.0.1180.38 | ||
| chrome | 21.0.1180.39 | ||
| chrome | 21.0.1180.41 | ||
| chrome | 21.0.1180.46 | ||
| chrome | 21.0.1180.47 | ||
| chrome | 21.0.1180.48 | ||
| chrome | 21.0.1180.49 | ||
| chrome | 21.0.1180.50 | ||
| chrome | 21.0.1180.51 | ||
| chrome | 21.0.1180.52 | ||
| chrome | 21.0.1180.53 | ||
| chrome | 21.0.1180.54 | ||
| chrome | 21.0.1180.55 | ||
| chrome | 21.0.1180.56 | ||
| chrome | 21.0.1180.57 | ||
| chrome | 21.0.1180.59 | ||
| chrome | 21.0.1180.60 | ||
| chrome | 21.0.1180.61 | ||
| chrome | 21.0.1180.62 | ||
| chrome | 21.0.1180.63 | ||
| chrome | 21.0.1180.64 | ||
| chrome | 21.0.1180.68 | ||
| chrome | 21.0.1180.69 | ||
| chrome | 21.0.1180.70 | ||
| chrome | 21.0.1180.71 | ||
| chrome | 21.0.1180.72 | ||
| chrome | 21.0.1180.73 | ||
| chrome | 21.0.1180.74 | ||
| chrome | 21.0.1180.75 | ||
| chrome | 21.0.1180.76 | ||
| chrome | 21.0.1180.77 | ||
| chrome | 21.0.1180.78 | ||
| chrome | 21.0.1180.79 | ||
| chrome | 21.0.1180.80 | ||
| chrome | 21.0.1180.81 | ||
| chrome | 21.0.1180.82 | ||
| chrome | 21.0.1180.83 | ||
| chrome | 21.0.1180.84 | ||
| chrome | 21.0.1180.85 | ||
| chrome | 21.0.1180.86 | ||
| chrome | 21.0.1180.87 | ||
| xmlsoft | libxml2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D746FCB4-9ACA-425D-929F-F46EDDEC1B56",
"versionEndIncluding": "6.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9ACA63-4528-4090-B1EA-1FE57A6B0555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "28A01C87-B02A-4239-8340-B396D0E6B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06980521-B0EA-434D-89AD-A951EAF1D23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AE6A93-3977-4B32-B2F6-55C94387DDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E78F1F2C-2BFF-4D55-A754-102D6C42081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A4AF71-8E71-432A-B908-361DAF99F4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE0068D-C699-4646-9658-610409925A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87C215DD-BC98-4283-BF13-69556EF7CB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C3966E-C136-47A9-B5B4-70613756ED27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22AD2A1F-A637-47DE-A69F-DAE4ABDFA4BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D398B8-821B-4DE9-ADF1-4983051F964C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CCE5F2-4D32-404B-BAAC-E64F11BD41FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9EB400-8080-4519-ADE0-DF99113483AE",
"versionEndIncluding": "21.0.1180.88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*",
"matchCriteriaId": "767C0C1A-EAC4-4F98-9E80-CFDA5069F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2554F0-0DEB-41A0-A595-6A524F9EC001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F542051-CEED-45A4-BB83-937069D07CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*",
"matchCriteriaId": "AC926FFC-EF03-46F0-B5B5-02B34571D6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*",
"matchCriteriaId": "24849FF0-F873-4365-9B82-F16AD7F4A291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8E784307-0538-4524-94EA-A88B1ABD0E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5655EFE7-69CB-469F-A00A-D6F3F7F492E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B22D68-9E32-4566-8ED1-F1CE87903F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*",
"matchCriteriaId": "40DB1183-DFF5-4251-BCDF-2F7696ABBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD5341A-E508-4E5B-B03F-677D97E5A464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*",
"matchCriteriaId": "E096479F-4C69-445A-8C2B-7201896F401B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*",
"matchCriteriaId": "25756B8C-FBEB-4D7F-99E6-EA7D27B07B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*",
"matchCriteriaId": "41371794-2083-4188-90BE-506419DC0B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*",
"matchCriteriaId": "51FF3E52-3E8E-4D2F-ABA3-B7D83219D723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*",
"matchCriteriaId": "981570FA-6B44-49A8-9C9B-7D5127E90F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*",
"matchCriteriaId": "36D2B7FE-2B20-47CA-9B3C-B726E21659E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*",
"matchCriteriaId": "858BDFA4-E9CB-4537-ABA7-4283318CA501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0CD04-8EF4-4B6A-BD4F-1DFCDDDD4DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*",
"matchCriteriaId": "9E912B5D-81F3-4A93-A0E6-B1CFDE2B46EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*",
"matchCriteriaId": "B578A2BC-9360-428C-9AFE-DC9DB9E0A621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB6048-5A18-4FD6-A21B-95B595CF943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*",
"matchCriteriaId": "28882288-859D-425C-8BA3-F46D058B61D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*",
"matchCriteriaId": "444AD7BB-FE0B-4A51-BA89-EE2647F4E8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*",
"matchCriteriaId": "A0692DD3-562D-4BE7-BB61-1549EFFF9CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF70696-70A8-4DFA-A0C3-172A103F3F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*",
"matchCriteriaId": "25241621-CBB0-4E39-B901-2F70EE476722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1355883C-C184-46C1-9CF7-AA59B0FC61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*",
"matchCriteriaId": "DB090D01-9F7E-49CF-8356-80CC03999121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*",
"matchCriteriaId": "A37AB354-581C-42CA-B8E9-9AEAC0B326AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*",
"matchCriteriaId": "885EFC87-061C-4EEF-880A-68D7D53BACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*",
"matchCriteriaId": "D58B0932-1DF3-4308-8D82-B20564E974F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FAD1E6-788F-4295-BFD2-F3CE99B14934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8AB897-7A45-4360-AFA7-EB7C8690ADD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF0FA83-C464-4270-A4E8-1441DF4ECFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*",
"matchCriteriaId": "86B70015-F651-467C-A846-5C97772D91EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*",
"matchCriteriaId": "C07A549D-48EF-434C-ABBA-0FF7078060D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*",
"matchCriteriaId": "B573E86E-3512-4DB9-911E-1B27A3BB69DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BDB997-D125-4B5D-9680-9AED7D89FD0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAF7E49-6795-4848-AADD-40D8B2D5F5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B244B3-86E0-4E1D-96A5-E0B9B50F2ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*",
"matchCriteriaId": "A0FF1C67-9CB7-4C78-9F3C-C88AB5A6284D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*",
"matchCriteriaId": "3371BBF5-0B82-4005-96AE-9B604A2FA70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*",
"matchCriteriaId": "5916EA0D-D763-4650-9AC4-A38C6E8EB052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*",
"matchCriteriaId": "443C5B0F-8FC6-40E3-AA95-BB8884176002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.81:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEE1054-F275-4C04-9F1E-994AD053827A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.82:*:*:*:*:*:*:*",
"matchCriteriaId": "FA50A727-8EBA-4E97-A003-FAA2258D9128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.83:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFF35D2-661A-4FCC-AB31-D354D1F204F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.84:*:*:*:*:*:*:*",
"matchCriteriaId": "150E8749-5A22-4834-A165-1F9FAFE3F91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.85:*:*:*:*:*:*:*",
"matchCriteriaId": "DF534291-1F7A-486D-9574-CA9E734DBC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.86:*:*:*:*:*:*:*",
"matchCriteriaId": "A9ACB74A-3F0C-44FE-BC9D-4993AD58064F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BF669C-3DAD-46B6-B2B9-A226CAC7B0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "30E8D5DA-7AF4-486B-AE33-B540F49D32EA",
"versionEndIncluding": "2.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h."
},
{
"lang": "es",
"value": "libxml2 v2.9.0-rc1 y anteriores, tal como se utiliza en Google Chrome antes de v21.0.1180.89, no admite correctamente un conversi\u00f3n de una variable no especificada durante la manipulaci\u00f3n de las transformaciones XSL, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente tener otro impacto desconocido a trav\u00e9s de un documento dise\u00f1ado para tal fin. Se trata de un problema relacionado con la estructura de datos _xmlNs en include/libxml/tree.h.\r\n"
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/704.html\n\n\u0027CWE-704: Incorrect Type Conversion or Cast\u0027",
"id": "CVE-2012-2871",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-31T19:55:01.123",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://secunia.com/advisories/50838"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://secunia.com/advisories/54886"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://support.apple.com/kb/HT5934"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://support.apple.com/kb/HT6001"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/chromium/issues/detail?id=138673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276\u0026r2=149930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT6001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromiumcodereview.appspot.com/10824157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78179"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…