admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 16:01:36 +00:00
parent 6a8d3b8eb2
commit 00c32cc139
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
20 changed files with 2617 additions and 1231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
2013/2xxx/CVE-2013-2119.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2119",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem."
"value": "CVE-2013-2119 rubygem-passenger: incorrect temporary file usage"
}
]
},
@ -44,33 +21,101 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEL 6 Version of OpenShift Enterprise 1.2",
"version": {
"version_data": [
{
"version_value": "0:3.0.21-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.2.5-4.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=892813",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/",
"refsource": "MISC",
"name": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
},
{
"name": "RHSA-2013:1136",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/",
"refsource": "MISC",
"name": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
},
{
"name": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/",
"refsource": "CONFIRM",
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"name": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/",
"refsource": "CONFIRM",
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
"url": "https://access.redhat.com/errata/RHSA-2013:1136",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1136"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2119",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2119"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

199
2013/2xxx/CVE-2013-2141.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2141",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call."
"value": "CVE-2013-2141 Kernel: signal: information leak in tkill/tgkill"
}
]
},
@ -44,73 +21,165 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-348.18.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.1.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.6.11.5-rt37.55.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=970873",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=970873"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"
},
{
"name": "USN-1899-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1899-1"
"url": "http://www.debian.org/security/2013/dsa-2766",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2766"
},
{
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
"url": "http://secunia.com/advisories/55055",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55055"
},
{
"name": "[oss-security] 20130604 Re: CVE Request: kernel info leak in tkill/tgkill",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/04/10"
"url": "https://access.redhat.com/errata/RHSA-2013:1292",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1292"
},
{
"name": "https://github.com/torvalds/linux/commit/b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "DSA-2766",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2766"
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1801.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1801.html"
},
{
"name": "RHSA-2013:1801",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1801.html"
"url": "http://www.openwall.com/lists/oss-security/2013/06/04/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/04/10"
},
{
"name": "55055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55055"
"url": "http://www.ubuntu.com/usn/USN-1899-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1899-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f"
"url": "http://www.ubuntu.com/usn/USN-1900-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1900-1"
},
{
"name": "USN-1900-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1900-1"
"url": "https://access.redhat.com/errata/RHSA-2013:1264",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1264"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1801",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1801"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2141",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2141"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=970873",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=970873"
},
{
"url": "https://github.com/torvalds/linux/commit/b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

282
2013/2xxx/CVE-2013-2165.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2165",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data."
"value": "CVE-2013-2165 JBoss RichFaces: Remote code execution due to insecure deserialization"
}
]
},
@ -44,68 +21,215 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "JBEWP 5 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:3.3.1-6.SP3_patch_01.ep5.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "JBEWP 5 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.3.1-3.SP3_patch_01.ep5.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4",
"version": {
"version_data": [
{
"version_value": "0:2.0.2.FP_SEC1-1.ep2.6.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:2.0.2.FP_SEC1-1.ep2.6.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4",
"version": {
"version_data": [
{
"version_value": "0:3.3.1-11.SP3_patch_01.ep5.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:3.3.1-6.SP3_patch_01.ep5.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.3.1-3.SP3_patch_01.ep5.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "JVN#38787103",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN38787103/index.html"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2013-2165",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2013-2165"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=973570",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"
},
{
"name": "RHSA-2013:1045",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"
},
{
"name": "RHSA-2013:1041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"
},
{
"name": "RHSA-2013:1043",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"
},
{
"name": "RHSA-2013:1044",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"
},
{
"name": "JVNDB-2013-000072",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"
},
{
"name": "RHSA-2013:1042",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
},
{
"url": "http://jvn.jp/en/jp/JVN38787103/index.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
"name": "http://jvn.jp/en/jp/JVN38787103/index.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 RichFaces exploitation toolkit",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072",
"refsource": "MISC",
"name": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"
},
{
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"
},
{
"url": "http://seclists.org/fulldisclosure/2020/Mar/21",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Mar/21"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1041",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1041"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1042",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1042"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1043",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1043"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1044",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1044"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1045"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2165",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2165"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Takeshi Terada (Mitsui Bussan Secure Directions, Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

214
2013/4xxx/CVE-2013-4148.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4148",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow."
"value": "CVE-2013-4148 qemu: virtio-net: buffer overflow on invalid state load"
}
]
},
@ -44,38 +21,187 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
}
]
}
},
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
},
{
"version_value": "0:6.5-20140603.2.el6ev",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0743",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"name": "RHSA-2014:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=71f7fe48e10a8437c9d42d859389f37157f59980",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=71f7fe48e10a8437c9d42d859389f37157f59980"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "FEDORA-2014-6288",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0674",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0674"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0743",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0743"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0744",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0744"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0888"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0927",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0927"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1268"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4148",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4148"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066334",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066334"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

107
2013/4xxx/CVE-2013-4181.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4181",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"value": "CVE-2013-4181 ovirt-engine: RedirectServlet cross-site scripting flaw"
}
]
},
@ -44,23 +21,83 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.2",
"version": {
"version_data": [
{
"version_value": "0:3.2.0-42",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=988774",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988774"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1210.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1210.html"
},
{
"name": "RHSA-2013:1210",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1210.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1210",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1210"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4181",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4181"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988774",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=988774"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

119
2013/4xxx/CVE-2013-4204.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4204",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"value": "CVE-2013-4204 GWT: reflected XSS in HTML files used by GWTTestCase"
}
]
},
@ -44,33 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130805 CVE request: XSS in Google Web Toolkit (GWT)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/05/1"
"url": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1",
"refsource": "MISC",
"name": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1"
},
{
"name": "61590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61590"
"url": "http://www.openwall.com/lists/oss-security/2013/08/05/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/08/05/1"
},
{
"name": "[oss-security] 20130804 Re: CVE request: XSS in Google Web Toolkit (GWT)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/05/3"
"url": "http://www.openwall.com/lists/oss-security/2013/08/05/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/08/05/3"
},
{
"name": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1",
"refsource": "CONFIRM",
"url": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1"
"url": "http://www.securityfocus.com/bid/61590",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61590"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4204",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4204"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=992911",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=992911"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

119
2013/4xxx/CVE-2013-4214.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4214",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache."
"value": "CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage"
}
]
},
@ -44,33 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.5.1-2.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1526",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=958002",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=958002"
"url": "http://www.securityfocus.com/bid/61747",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61747"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "CONFIRM",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
"url": "https://access.redhat.com/errata/RHSA-2013:1526",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1526"
},
{
"name": "61747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61747"
"url": "https://access.redhat.com/security/cve/CVE-2013-4214",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4214"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=958002",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=958002"
},
{
"url": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "MISC",
"name": "https://www.nagios.org/projects/nagios-core/history/4x/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}

190
2013/4xxx/CVE-2013-4288.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4288",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck."
"value": "CVE-2013-4288 polkit: unix-process subject for authorization is racy"
}
]
},
@ -44,63 +21,128 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.96-5.el6_4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1528",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html"
},
{
"name": "RHSA-2013:1270",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1270.html"
},
{
"name": "openSUSE-SU-2013:1527",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html"
},
{
"name": "[oss-security] 20130918 Fwd: [vs-plain] polkit races",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/18/4"
},
{
"name": "[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/626"
},
{
"name": "openSUSE-SU-2013:1617",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html"
},
{
"name": "openSUSE-SU-2013:1620",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html"
},
{
"name": "RHSA-2013:1460",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375"
"name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html"
},
{
"name": "USN-1953-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1953-1"
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
},
{
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375",
"refsource": "MISC",
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1270.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1270.html"
},
{
"url": "http://seclists.org/oss-sec/2013/q3/626",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/626"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/09/18/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/18/4"
},
{
"url": "http://www.ubuntu.com/usn/USN-1953-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1953-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1270",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1270"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4288",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4288"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002375",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1002375"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

229
2013/4xxx/CVE-2013-4387.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4387",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet."
"value": "CVE-2013-4387 Kernel: net: IPv6: panic when UFO=On for an interface"
}
]
},
@ -44,98 +21,190 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.37.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.8.13-rt14.25.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2024-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927"
"url": "http://www.ubuntu.com/usn/USN-2049-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2049-1"
},
{
"name": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47"
"url": "https://access.redhat.com/errata/RHSA-2013:1490",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1490"
},
{
"name": "RHSA-2013:1490",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "USN-2039-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2039-1"
"url": "http://www.ubuntu.com/usn/USN-2019-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name": "USN-2022-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2022-1"
"url": "http://www.ubuntu.com/usn/USN-2021-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2021-1"
},
{
"name": "RHSA-2013:1645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
"url": "http://www.ubuntu.com/usn/USN-2022-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2022-1"
},
{
"name": "USN-2038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2038-1"
"url": "http://www.ubuntu.com/usn/USN-2024-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2024-1"
},
{
"name": "USN-2021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2021-1"
"url": "http://www.ubuntu.com/usn/USN-2038-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2038-1"
},
{
"name": "USN-2019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2019-1"
"url": "http://www.ubuntu.com/usn/USN-2039-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2039-1"
},
{
"name": "USN-2049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2049-1"
"url": "http://www.ubuntu.com/usn/USN-2050-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name": "RHSA-2014:0284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1645",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1645"
},
{
"name": "USN-2045-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2045-1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2811ebac2521ceac84f2bdae402455baa6a7fb47",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2811ebac2521ceac84f2bdae402455baa6a7fb47"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
},
{
"name": "USN-2041-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2041-1"
"url": "http://www.openwall.com/lists/oss-security/2013/09/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/29/1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47"
"url": "http://www.ubuntu.com/usn/USN-2041-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2041-1"
},
{
"name": "[oss-security] 20130928 Re: linux kernel memory corruption with ipv6 udp offloading",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/29/1"
"url": "http://www.ubuntu.com/usn/USN-2045-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2045-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0284",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0284"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4387",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4387"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927"
},
{
"url": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}

245
2013/4xxx/CVE-2013-4408.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4408",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet."
"value": "CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check"
}
]
},
@ -44,108 +21,204 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.6.6-0.138.el5_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:4.0.0-60.el6_5.rc4",
"version_affected": "!"
},
{
"version_value": "0:3.6.9-167.el6_5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Storage 2.1",
"version": {
"version_data": [
{
"version_value": "0:3.6.9-167.5.1.el6rhs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "HPSBUX03087",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
},
{
"name": "USN-2054-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2054-1"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
},
{
"name": "RHSA-2013:1805",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1805.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html"
},
{
"name": "http://www.samba.org/samba/security/CVE-2013-4408",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/security/CVE-2013-4408"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
},
{
"name": "FEDORA-2014-9132",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
},
{
"name": "SSRT101413",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2"
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html"
},
{
"name": "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch"
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html"
},
{
"name": "DSA-2812",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2812"
"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=141660010015249&w=2"
},
{
"name": "SUSE-SU-2014:0024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html"
"url": "http://security.gentoo.org/glsa/glsa-201502-15.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201502-15.xml"
},
{
"name": "openSUSE-SU-2014:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299"
},
{
"name": "GLSA-201502-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-15.xml"
"url": "http://www.ubuntu.com/usn/USN-2054-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2054-1"
},
{
"name": "FEDORA-2014-7672",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1805.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1805.html"
},
{
"name": "openSUSE-SU-2013:1921",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1806.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1806.html"
},
{
"name": "openSUSE-SU-2016:1106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0009.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0009.html"
},
{
"name": "RHSA-2013:1806",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1806.html"
"url": "http://www.debian.org/security/2013/dsa-2812",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2812"
},
{
"name": "openSUSE-SU-2016:1107",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
"url": "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch",
"refsource": "MISC",
"name": "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch"
},
{
"name": "64191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64191"
"url": "http://www.samba.org/samba/security/CVE-2013-4408",
"refsource": "MISC",
"name": "http://www.samba.org/samba/security/CVE-2013-4408"
},
{
"name": "RHSA-2014:0009",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0009.html"
"url": "http://www.securityfocus.com/bid/64191",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/64191"
},
{
"name": "MDVSA-2013:299",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299"
"url": "https://access.redhat.com/errata/RHSA-2013:1805",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1805"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1806",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1806"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0009",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0009"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4408",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4408"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018032",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1018032"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

265
2013/4xxx/CVE-2013-4470.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4470",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c."
"value": "CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO"
}
]
},
@ -44,128 +21,220 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Initialization of a Variable",
"cweId": "CWE-456"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.1.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.37.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.8.13-rt27.33.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b"
"url": "http://www.ubuntu.com/usn/USN-2066-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2066-1"
},
{
"name": "[oss-security] 20131025 Re: CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/5"
"url": "http://www.ubuntu.com/usn/USN-2067-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2067-1"
},
{
"name": "USN-2043-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2043-1"
"url": "http://www.ubuntu.com/usn/USN-2069-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2069-1"
},
{
"name": "USN-2073-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2073-1"
"url": "http://www.ubuntu.com/usn/USN-2073-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2073-1"
},
{
"name": "USN-2040-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2040-1"
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2"
"url": "http://www.ubuntu.com/usn/USN-2049-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2049-1"
},
{
"name": "USN-2069-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2069-1"
"url": "http://www.ubuntu.com/usn/USN-2050-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name": "USN-2044-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2044-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1801.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1801.html"
},
{
"name": "RHSA-2013:1801",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1801.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1801",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1801"
},
{
"name": "USN-2066-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2066-1"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
},
{
"name": "SUSE-SU-2014:0459",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0284",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0284"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1023477",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023477"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b"
},
{
"name": "https://github.com/torvalds/linux/commit/c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e93b7d748be887cd7639b113ba7d7ef792a7efb9",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e93b7d748be887cd7639b113ba7d7ef792a7efb9"
},
{
"name": "USN-2049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2049-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html"
},
{
"name": "RHSA-2014:0284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0100.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0100.html"
},
{
"name": "63359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63359"
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/10/25/5"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e93b7d748be887cd7639b113ba7d7ef792a7efb9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e93b7d748be887cd7639b113ba7d7ef792a7efb9"
"url": "http://www.securityfocus.com/bid/63359",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/63359"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
"url": "http://www.ubuntu.com/usn/USN-2040-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2040-1"
},
{
"name": "USN-2042-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2042-1"
"url": "http://www.ubuntu.com/usn/USN-2042-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2042-1"
},
{
"name": "https://github.com/torvalds/linux/commit/e93b7d748be887cd7639b113ba7d7ef792a7efb9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e93b7d748be887cd7639b113ba7d7ef792a7efb9"
"url": "http://www.ubuntu.com/usn/USN-2043-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2043-1"
},
{
"name": "RHSA-2014:0100",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0100.html"
"url": "http://www.ubuntu.com/usn/USN-2044-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2044-1"
},
{
"name": "USN-2067-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2067-1"
"url": "http://www.ubuntu.com/usn/USN-2046-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2046-1"
},
{
"name": "USN-2046-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2046-1"
"url": "https://access.redhat.com/errata/RHSA-2014:0100",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0100"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4470",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4470"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023477",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1023477"
},
{
"url": "https://github.com/torvalds/linux/commit/c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b"
},
{
"url": "https://github.com/torvalds/linux/commit/e93b7d748be887cd7639b113ba7d7ef792a7efb9",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/e93b7d748be887cd7639b113ba7d7ef792a7efb9"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

447
2017/2xxx/CVE-2017-2615.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2615",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "display",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "qemu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,140 +15,396 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:83-277.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-126.el7_3.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0329",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:0334",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "1037804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037804"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"name": "RHSA-2017:0328",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"name": "95990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95990"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"name": "RHSA-2017:0333",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"name": "GLSA-201702-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-27"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"name": "[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "RHSA-2017:0454",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"name": "[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2017:0331",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"name": "RHSA-2017:0350",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/01/6"
},
{
"name": "RHSA-2017:0396",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
"url": "http://www.securityfocus.com/bid/95990",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95990"
},
{
"name": "RHSA-2017:0309",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
"url": "http://www.securitytracker.com/id/1037804",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037804"
},
{
"name": "RHSA-2017:0344",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
"url": "https://access.redhat.com/errata/RHSA-2017:0309",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0309"
},
{
"name": "RHSA-2017:0330",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
"url": "https://access.redhat.com/errata/RHSA-2017:0328",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0328"
},
{
"name": "RHSA-2017:0332",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
"url": "https://access.redhat.com/errata/RHSA-2017:0329",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0329"
},
{
"name": "https://support.citrix.com/article/CTX220771",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220771"
"url": "https://access.redhat.com/errata/RHSA-2017:0330",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0330"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0331",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0331"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0332",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0332"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0333",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0334",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0334"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0344",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0344"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0350",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0350"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0396",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0396"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0454"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2615",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2615"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"
},
{
"url": "https://security.gentoo.org/glsa/201702-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-27"
},
{
"url": "https://support.citrix.com/article/CTX220771",
"refsource": "MISC",
"name": "https://support.citrix.com/article/CTX220771"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Li Qiang (360.cn Inc.) and Wjjzhang (Tencent.com Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
]
}

167
2017/2xxx/CVE-2017-2618.json
View File

@ -1,106 +1,147 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2618",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "4.9.10"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
"value": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193"
"value": "Off-by-one Error",
"cweId": "CWE-193"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.16.1.rt56.437.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.16.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.219.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[selinux] 20170131 [PATCH] selinux: fix off-by-one in setprocattr",
"refsource": "MLIST",
"url": "https://marc.info/?l=selinux&m=148588165923772&w=2"
"url": "http://www.securityfocus.com/bid/96272",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96272"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3791"
"url": "https://access.redhat.com/errata/RHSA-2017:0931",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0931"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618"
"url": "https://access.redhat.com/errata/RHSA-2017:0932",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "RHSA-2017:0932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
"url": "https://access.redhat.com/errata/RHSA-2017:0933",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0933"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125"
"url": "https://access.redhat.com/security/cve/CVE-2017-2618",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2618"
},
{
"name": "RHSA-2017:0933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0933"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419916",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1419916"
},
{
"name": "RHSA-2017:0931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0931"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618"
},
{
"name": "96272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96272"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125"
},
{
"url": "https://marc.info/?l=selinux&m=148588165923772&w=2",
"refsource": "MISC",
"name": "https://marc.info/?l=selinux&m=148588165923772&w=2"
},
{
"url": "https://www.debian.org/security/2017/dsa-3791",
"refsource": "MISC",
"name": "https://www.debian.org/security/2017/dsa-3791"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Paul Moore (Red Hat Engineering)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

183
2017/2xxx/CVE-2017-2634.json
View File

@ -1,101 +1,164 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2634",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value": "2.6.22.17"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system."
"value": "It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-419.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.6 Long Life",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-238.58.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.9 Long Life",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-348.33.1.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"name": "RHSA-2017:0347",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"name": "1037909",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037909"
"url": "http://www.securityfocus.com/bid/96529",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96529"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634"
"url": "http://www.securitytracker.com/id/1037909",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037909"
},
{
"name": "RHSA-2017:0346",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
"url": "https://access.redhat.com/errata/RHSA-2017:0323",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0323"
},
{
"name": "96529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96529"
"url": "https://access.redhat.com/errata/RHSA-2017:0346",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0346"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0347",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0347"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2634",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2634"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424751",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1424751"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Wade Mealing (Red Hat Product Security)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

332
2017/2xxx/CVE-2017-2636.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2636",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline."
"value": "A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system."
}
]
},
@ -44,93 +21,272 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-696.1.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.71.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.78.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.80.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.80.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.60.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.60.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.42.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.16.1.rt56.437.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.16.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.53.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.219.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0892"
},
{
"name": "96732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96732"
},
{
"name": "1037963",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037963"
},
{
"name": "RHSA-2017:0932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "[oss-security] 20170307 Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/07/6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319"
},
{
"name": "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html",
"url": "http://www.debian.org/security/2017/dsa-3804",
"refsource": "MISC",
"url": "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html"
"name": "http://www.debian.org/security/2017/dsa-3804"
},
{
"name": "RHSA-2017:1125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1125"
"url": "https://access.redhat.com/errata/RHSA-2017:0931",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0931"
},
{
"name": "RHSA-2017:0933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0933"
"url": "https://access.redhat.com/errata/RHSA-2017:0932",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "RHSA-2017:1232",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1232"
"url": "https://access.redhat.com/errata/RHSA-2017:0933",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0933"
},
{
"name": "RHSA-2017:0931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0931"
"url": "http://www.openwall.com/lists/oss-security/2017/03/07/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/03/07/6"
},
{
"name": "DSA-3804",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3804"
"url": "http://www.securityfocus.com/bid/96732",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96732"
},
{
"name": "RHSA-2017:1233",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1233"
"url": "http://www.securitytracker.com/id/1037963",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037963"
},
{
"name": "RHSA-2017:1488",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1488"
"url": "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html",
"refsource": "MISC",
"name": "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html"
},
{
"name": "RHSA-2017:0986",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0986"
"url": "https://access.redhat.com/errata/RHSA-2017:0892",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0892"
},
{
"name": "RHSA-2017:1126",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1126"
"url": "https://access.redhat.com/errata/RHSA-2017:0986",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0986"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1125",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1125"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1126",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1126"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1232",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1232"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1233",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1233"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1488",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1488"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2636",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2636"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-2636",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/CVE-2017-2636"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319"
}
]
},
"work_around": [
{
"lang": "en",
"value": "The n_hdlc kernel module will be automatically loaded when an application attempts to use the HDLC line discipline from userspace. This module can be prevented from being loaded by using the system-wide modprobe rules. The following command, run as root, will prevent accidental or intentional loading of the module. Red Hat Product Security believe this method is a robust method to prevent accidental loading of the module, even by privileged users.\n\n\u200b# echo \"install n_hdlc /bin/true\" >> /etc/modprobe.d/disable-n_hdlc.conf\n\nThe system will need to be restarted if the n_hdlc modules are already loaded. In most circumstances, the n_hdlc kernel modules will be unable to be unloaded if in use and while any current process using this line discipline is required.\n\nExploiting this flaw does not require Microgate or SyncLink hardware to be in use.\n\nIf further assistance is needed, see this KCS article ( https://access.redhat.com/solutions/41278 ) or contact Red Hat Global Support Services."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alexander Popov for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

206
2017/2xxx/CVE-2017-2671.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2671",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call."
"value": "A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system."
}
]
},
@ -44,73 +21,152 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.2.1.rt56.585.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "97407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97407"
},
{
"name": "https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893"
},
{
"name": "[oss-security] 20170404 Re: Linux kernel ping socket / AF_LLC connect() sin_family race",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2017/04/04/8"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://twitter.com/danieljiang0415/status/845116665184497664",
"url": "https://access.redhat.com/errata/RHSA-2018:1854",
"refsource": "MISC",
"url": "https://twitter.com/danieljiang0415/status/845116665184497664"
"name": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "https://github.com/danieljiang0415/android_kernel_crash_poc",
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"url": "https://github.com/danieljiang0415/android_kernel_crash_poc"
"name": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "42135",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42135/"
"url": "https://access.redhat.com/errata/RHSA-2017:2669",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893"
"url": "http://openwall.com/lists/oss-security/2017/04/04/8",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2017/04/04/8"
},
{
"url": "http://www.securityfocus.com/bid/97407",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97407"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2671",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2671"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893"
},
{
"url": "https://github.com/danieljiang0415/android_kernel_crash_poc",
"refsource": "MISC",
"name": "https://github.com/danieljiang0415/android_kernel_crash_poc"
},
{
"url": "https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893"
},
{
"url": "https://twitter.com/danieljiang0415/status/845116665184497664",
"refsource": "MISC",
"name": "https://twitter.com/danieljiang0415/status/845116665184497664"
},
{
"url": "https://www.exploit-db.com/exploits/42135/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/42135/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

149
2017/2xxx/CVE-2017-2673.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2673",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openstack-keystone",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,59 +15,119 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.8/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
"value": "Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "1:10.0.1-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "1:9.3.0-2.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170425 [OSSA-2017-004] federated user gets wrong role (CVE-2017-2673)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q2/125"
"url": "http://seclists.org/oss-sec/2017/q2/125",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q2/125"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673"
"url": "http://www.securityfocus.com/bid/98032",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98032"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1677723",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1677723"
"url": "https://access.redhat.com/errata/RHSA-2017:1461",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1461"
},
{
"name": "RHSA-2017:1461",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1461"
"url": "https://access.redhat.com/errata/RHSA-2017:1597",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1597"
},
{
"name": "RHSA-2017:1597",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1597"
"url": "https://access.redhat.com/security/cve/CVE-2017-2673",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2673"
},
{
"name": "98032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98032"
"url": "https://bugs.launchpad.net/keystone/+bug/1677723",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/keystone/+bug/1677723"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439586",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1439586"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the Openstack project for reporting this issue. Upstream acknowledges Boris Bobrov (Mail.Ru) as the original reporter."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
}

131
2017/7xxx/CVE-2017-7470.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7470",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spacewalk-backend",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,44 +15,104 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
"value": "Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.6",
"version": {
"version_data": [
{
"version_value": "0:2.0.3-45.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.7",
"version": {
"version_data": [
{
"version_value": "0:2.3.3-49.el6sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1259"
"url": "http://www.securityfocus.com/bid/98569",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98569"
},
{
"name": "98569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98569"
"url": "https://access.redhat.com/errata/RHSA-2017:1259",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1259"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470"
"url": "https://access.redhat.com/security/cve/CVE-2017-7470",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7470"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439622",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1439622"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Bert Stel (SUSE) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
}

135
2017/7xxx/CVE-2017-7477.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7477",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function."
"value": "A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system."
}
]
},
@ -44,48 +21,106 @@
"description": [
{
"lang": "eng",
"value": "heap overflow"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.26.1.rt56.442.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.26.1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee"
"url": "https://access.redhat.com/errata/RHSA-2017:1615",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1615"
},
{
"name": "1038500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038500"
"url": "https://access.redhat.com/errata/RHSA-2017:1616",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1616"
},
{
"name": "RHSA-2017:1615",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1615"
"url": "http://www.securityfocus.com/bid/98014",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98014"
},
{
"name": "RHSA-2017:1616",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
"url": "http://www.securitytracker.com/id/1038500",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038500"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207"
"url": "https://access.redhat.com/security/cve/CVE-2017-7477",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7477"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207"
},
{
"name": "98014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98014"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.\n\nAs the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\nRaw\n\n # echo \"install macsec /bin/true\" >> /etc/modprobe.d/disable-macsec.conf \n\nIf macsec functionality is in use as a functional part of the system a kernel upgrade is required."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

2
2023/23xxx/CVE-2023-23128.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS)."
"value": "** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid."
}
]
},