diff --git a/2008/1xxx/CVE-2008-1947.json b/2008/1xxx/CVE-2008-1947.json index be916456b16..e3bf1aa850c 100644 --- a/2008/1xxx/CVE-2008-1947.json +++ b/2008/1xxx/CVE-2008-1947.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-1947", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add." + "value": "CVE-2008-1947 Tomcat host manager xss - name field" } ] }, 
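Review bot: The new `description` value `"CVE-2008-1947 Tomcat host manager xss - name field"` replaces the full advisory text with a bug-tracker title, so the record no longer states the affected upstream range (Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16) or the affected endpoint. The `affects` block added in the next hunk lists only Red Hat package builds with `"version_affected": "!"`, which as far as I know marks a version as not affected in the CVE JSON 4.0 schema, so nothing in the file identifies the vulnerable versions any more. Scanners and triage tools that key on the description or on `affects` would lose their match. I would keep the previous `value` text and, if the short title is wanted, carry it in a separate field. The same replacement occurs in the first hunks of CVE-2008-1951, CVE-2008-2109 and CVE-2008-2376.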
@@ -44,278 +21,372 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Developer Suite V.3", + "version": { + "version_data": [ + { + "version_value": "0:5.5.23-0jpp_12rh", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:5.5.23-0jpp.7.el5_2.1", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Network Satellite Server v 5.0", + "version": { + "version_data": [ + { + "version_value": "0:5.0.30-0jpp_12rh", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Network Satellite Server v 5.1", + "version": { + "version_data": [ + { + "version_value": "0:5.0.30-0jpp_12rh", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHAPS Version 2 for RHEL 4", + "version": { + "version_data": [ + { + "version_value": "0:5.5.23-0jpp_4rh.9", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability", - "refsource": "BUGTRAQ", - "url": "http://www.securityfocus.com/archive/1/492958/100/0/threaded" + "url": "http://secunia.com/advisories/37460", + "refsource": "MISC", + "name": "http://secunia.com/advisories/37460" }, { - "name": "30500", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/30500" + "url": "http://tomcat.apache.org/security-5.html", + "refsource": "MISC", + "name": "http://tomcat.apache.org/security-5.html" }, { - "name": "RHSA-2008:0862", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" + "url": "http://tomcat.apache.org/security-6.html", + "refsource": "MISC", + "name": "http://tomcat.apache.org/security-6.html" }, { - "name": "34013", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/34013" + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { - "name": "[tomcat-user] 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability", - "refsource": "MLIST", - "url": "http://marc.info/?l=tomcat-user&m=121244319501278&w=2" + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "MISC", + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { - "name": "oval:org.mitre.oval:def:6009", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009" + "url": "http://www.vupen.com/english/advisories/2009/3316", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2009/3316" }, { - "name": "ADV-2008-2823", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2008/2823" + "url": 
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { - "name": "apache-tomcat-hostmanager-xss(42816)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42816" + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { - "name": "37460", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/37460" + "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { - "name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", - "refsource": "CONFIRM", - "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" + "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { - "name": "31681", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/31681" + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", + "refsource": "MISC", + "name": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { - "name": "32120", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/32120" + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { - "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource": "CONFIRM", - "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { - "name": "ADV-2008-1725", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2008/1725" + "url": "http://secunia.com/advisories/32120", + "refsource": "MISC", + "name": "http://secunia.com/advisories/32120" }, { - "name": "30592", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/30592" + "url": "http://secunia.com/advisories/32222", + "refsource": "MISC", + "name": "http://secunia.com/advisories/32222" }, { - "name": "33999", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/33999" + "url": "http://secunia.com/advisories/32266", + "refsource": "MISC", + "name": "http://secunia.com/advisories/32266" }, { - "name": "oval:org.mitre.oval:def:11534", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534" + "url": "http://secunia.com/advisories/57126", + "refsource": "MISC", + "name": "http://secunia.com/advisories/57126" }, { - "name": "29502", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/29502" + "url": "http://support.apple.com/kb/HT3216", + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT3216" }, { - "name": "31865", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31865" + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", + "refsource": "MISC", + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { - "name": "FEDORA-2008-8130", - 
"refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { - "name": "31639", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31639" + "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { - "name": "30967", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/30967" + "url": "http://www.securityfocus.com/bid/31681", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/31681" }, { - "name": "MDVSA-2008:188", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" + "url": "http://www.vupen.com/english/advisories/2008/2780", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2008/2780" }, { - "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", - "refsource": "CONFIRM", - "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" + "url": "http://www.vupen.com/english/advisories/2008/2823", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2008/2823" }, { - "name": "ADV-2009-0320", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2009/0320" + "url": "https://access.redhat.com/errata/RHSA-2008:0862", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2008:0862" }, { - "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource": "BUGTRAQ", - "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2", + "refsource": "MISC", + "name": 
"http://marc.info/?l=bugtraq&m=123376588623823&w=2" }, { - "name": "RHSA-2008:0864", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" + "url": "http://secunia.com/advisories/31639", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31639" }, { - "name": "SUSE-SR:2009:004", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + "url": "http://secunia.com/advisories/31865", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31865" }, { - "name": "http://tomcat.apache.org/security-6.html", - "refsource": "CONFIRM", - "url": "http://tomcat.apache.org/security-6.html" + "url": "http://secunia.com/advisories/31891", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31891" }, { - "name": "57126", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/57126" + "url": "http://secunia.com/advisories/33797", + "refsource": "MISC", + "name": "http://secunia.com/advisories/33797" }, { - "name": "32222", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/32222" + "url": "http://secunia.com/advisories/33999", + "refsource": "MISC", + "name": "http://secunia.com/advisories/33999" }, { - "name": "31891", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31891" + "url": "http://secunia.com/advisories/34013", + "refsource": "MISC", + "name": "http://secunia.com/advisories/34013" }, { - "name": "33797", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/33797" + "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { - "name": "1020624", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1020624" + "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { - 
"name": "SUSE-SR:2008:014", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", + "refsource": "MISC", + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { - "name": "FEDORA-2008-7977", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" + "url": "http://www.vupen.com/english/advisories/2009/0320", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2009/0320" }, { - "name": "FEDORA-2008-8113", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" + "url": "http://www.vupen.com/english/advisories/2009/0503", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2009/0503" }, { - "name": "http://tomcat.apache.org/security-5.html", - "refsource": "CONFIRM", - "url": "http://tomcat.apache.org/security-5.html" + "url": "https://access.redhat.com/errata/RHSA-2008:0648", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2008:0648" }, { - "name": "ADV-2008-2780", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2008/2780" + "url": "https://access.redhat.com/errata/RHSA-2008:0864", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2008:0864" }, { - "name": "HPSBUX02401", - "refsource": "HP", - "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2" + "url": "https://access.redhat.com/errata/RHSA-2008:1007", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2008:1007" }, { - "name": "HPSBST02955", - "refsource": "HP", - "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", + "refsource": "MISC", + "name": 
"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { - "name": "APPLE-SA-2008-10-09", - "refsource": "APPLE", - "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { - "name": "http://support.apple.com/kb/HT3216", - "refsource": "CONFIRM", - "url": "http://support.apple.com/kb/HT3216" + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { - "name": "ADV-2009-0503", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2009/0503" + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" }, { - "name": "ADV-2009-3316", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2009/3316" + "url": "http://marc.info/?l=tomcat-user&m=121244319501278&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=tomcat-user&m=121244319501278&w=2" }, { - "name": "SSRT090005", - "refsource": "HP", - "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2" + "url": "http://secunia.com/advisories/30500", + "refsource": "MISC", + "name": "http://secunia.com/advisories/30500" }, { - "name": "DSA-1593", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2008/dsa-1593" + "url": "http://secunia.com/advisories/30592", + "refsource": "MISC", + "name": "http://secunia.com/advisories/30592" }, { - "name": "32266", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/32266" + "url": "http://secunia.com/advisories/30967", + "refsource": 
"MISC", + "name": "http://secunia.com/advisories/30967" }, { - "name": "RHSA-2008:0648", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" + "url": "http://www.debian.org/security/2008/dsa-1593", + "refsource": "MISC", + "name": "http://www.debian.org/security/2008/dsa-1593" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + "url": "http://www.securityfocus.com/archive/1/492958/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/492958/100/0/threaded" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" + "url": "http://www.securityfocus.com/bid/29502", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/29502" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", - "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" + "url": "http://www.securitytracker.com/id?1020624", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1020624" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", - "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" + "url": "http://www.vupen.com/english/advisories/2008/1725", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2008/1725" + }, + { + "url": 
"https://access.redhat.com/security/cve/CVE-2008-1947", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2008-1947" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42816", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42816" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009" } ] } diff --git a/2008/1xxx/CVE-2008-1951.json b/2008/1xxx/CVE-2008-1951.json index 1b81f7173c3..b5310b6ce52 100644 --- a/2008/1xxx/CVE-2008-1951.json +++ b/2008/1xxx/CVE-2008-1951.json 
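Review bot: Every entry in `reference_data` is rewritten to `"refsource": "MISC"` with `name` set to the URL, which drops the source classification and advisory identifiers the old entries carried (for example `"name": "RHSA-2008:0862", "refsource": "REDHAT"` and the `CONFIRM` entries for the Tomcat security pages). Consumers that filter on vendor-confirmed references or look up an advisory ID by `name` can no longer do so from this record. I would keep the original `name`/`refsource` pair for URLs that already existed and use `MISC` only for the newly added ones such as `https://bugzilla.redhat.com/show_bug.cgi?id=446393`. The reference hunks of CVE-2008-1951 and CVE-2008-2109 have the same pattern.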
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-1951", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus." + "value": "CVE-2008-1951 sblim: libraries built with insecure RPATH" } ] }, 
@@ -44,48 +21,119 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Untrusted Search Path", + "cweId": "CWE-426" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:1-13a.el4_6.1", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:1-31.el5_2.1", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "30803", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/30803" + "url": "http://secunia.com/advisories/30803", + "refsource": "MISC", + "name": "http://secunia.com/advisories/30803" }, { - "name": "oval:org.mitre.oval:def:9635", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9635" + "url": "http://www.securityfocus.com/bid/29913", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/29913" }, { - "name": "redhat-sblim-privilege-escalation(43315)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43315" + "url": "http://www.securitytracker.com/id?1020354", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1020354" }, { - "name": "RHSA-2008:0497", - "refsource": "REDHAT", - "url": "https://rhn.redhat.com/errata/RHSA-2008-0497.html" + "url": "https://access.redhat.com/errata/RHSA-2008:0497", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2008:0497" }, { - "name": "1020354", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1020354" + "url": "https://access.redhat.com/security/cve/CVE-2008-1951", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2008-1951" }, { - "name": "29913", - 
"refsource": "BID", - "url": "http://www.securityfocus.com/bid/29913" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=447705", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=447705" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=447705", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=447705" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43315", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43315" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9635", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9635" + }, + { + "url": "https://rhn.redhat.com/errata/RHSA-2008-0497.html", + "refsource": "MISC", + "name": "https://rhn.redhat.com/errata/RHSA-2008-0497.html" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.2, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" } ] } diff --git a/2008/2xxx/CVE-2008-2109.json b/2008/2xxx/CVE-2008-2109.json index 31b3947992c..b78fe00e5e3 100644 --- a/2008/2xxx/CVE-2008-2109.json +++ b/2008/2xxx/CVE-2008-2109.json 
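Review bot: The added `impact.cvss` entry writes `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric in the same object is `NOT_DEFINED`. A consumer could read 0 as a computed score rather than "not assessed" and rank the issue below its `baseScore` of 7.2. I would omit both score fields, and the `NOT_DEFINED` metrics with them, when they were not evaluated, leaving `baseScore` and `vectorString` as the only scored values.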
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2109", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which triggers an infinite loop." + "value": "CVE-2008-2109 libid3tag: infinite loop in ID3_FIELD_TYPE_STRINGLIST parsing" } ] }, 
@@ -44,58 +21,93 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Loop with Unreachable Exit Condition ('Infinite Loop')", + "cweId": "CWE-835" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "MDVSA-2008:103", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:103" + "url": "http://bugs.gentoo.org/show_bug.cgi?id=210564", + "refsource": "MISC", + "name": "http://bugs.gentoo.org/show_bug.cgi?id=210564" }, { - "name": "GLSA-200805-15", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-200805-15.xml" + "url": "http://secunia.com/advisories/30173", + "refsource": "MISC", + "name": "http://secunia.com/advisories/30173" }, { - "name": "FEDORA-2008-3757", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html" + "url": "http://secunia.com/advisories/30182", + "refsource": "MISC", + "name": "http://secunia.com/advisories/30182" }, { - "name": "30173", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/30173" + "url": "http://security.gentoo.org/glsa/glsa-200805-15.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-200805-15.xml" }, { - "name": "30182", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/30182" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:103", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:103" }, { - "name": "http://bugs.gentoo.org/show_bug.cgi?id=210564", - "refsource": "CONFIRM", - "url": "http://bugs.gentoo.org/show_bug.cgi?id=210564" + "url": 
"http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html", + "refsource": "MISC", + "name": "http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html" }, { - "name": "29210", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/29210" + "url": "http://www.securityfocus.com/bid/29210", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/29210" }, { - "name": "[mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b", - "refsource": "MLIST", - "url": "http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html" + "url": "https://access.redhat.com/security/cve/CVE-2008-2109", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2008-2109" }, { - "name": "libid3tag-field-dos(42271)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42271" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=445812", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=445812" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42271", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42271" + }, + { + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html" } ] } diff --git a/2008/2xxx/CVE-2008-2376.json b/2008/2xxx/CVE-2008-2376.json index 9736decc515..926083639fb 100644 --- a/2008/2xxx/CVE-2008-2376.json +++ b/2008/2xxx/CVE-2008-2376.json 
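Review bot: The added `affects` block pairs `"version_value": "n/a"` with `"version_affected": "="`, which asserts that a version literally named "n/a" is affected, under `"vendor_name": "n/a"` and `"product_name": "n/a"`. The description removed in this file's first hunk named libid3tag 0.15.0b, so after this change the record identifies no product or version at all. I would fill in the product and version from that earlier text, or at least drop `version_affected` from the placeholder entry as the previous record did, so that tooling does not treat `=` on "n/a" as a real match condition.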
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2376", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows." + "value": "CVE-2008-2376 ruby: integer overflows in rb_ary_fill() / Array#fill" } ] }, 
@@ -44,153 +21,231 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Integer Overflow or Wraparound", + "cweId": "CWE-190" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 2.1", + "version": { + "version_data": [ + { + "version_value": "0:1.6.4-6.el2", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 3", + "version": { + "version_data": [ + { + "version_value": "0:1.6.8-12.el3", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:1.8.1-7.el4_6.1", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:1.8.5-5.el5_2.3", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "31090", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31090" + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html", + "refsource": "MISC", + "name": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { - "name": "USN-651-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/651-1/" + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html", + "refsource": "MISC", + "name": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { - "name": "MDVSA-2008:141", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" + "url": "http://www.vupen.com/english/advisories/2008/2584", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2008/2584" }, { - "name": "APPLE-SA-2008-09-15", - "refsource": "APPLE", - "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" }, { - "name": "31006", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31006" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" }, { - "name": "FEDORA-2008-6033", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html" + "url": "http://secunia.com/advisories/30927", + "refsource": "MISC", + "name": "http://secunia.com/advisories/30927" }, { - "name": "DSA-1618", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2008/dsa-1618" + "url": "http://secunia.com/advisories/31006", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31006" }, { - "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", - "refsource": "CONFIRM", - "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218" + "url": "http://secunia.com/advisories/31062", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31062" }, { - "name": "TA08-260A", - "refsource": "CERT", - "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + "url": "http://secunia.com/advisories/31090", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31090" }, { - "name": "ADV-2008-2584", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2008/2584" + "url": "http://secunia.com/advisories/31181", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31181" }, { - "name": "31062", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31062" + "url": "http://secunia.com/advisories/31256", + "refsource": "MISC", + "name": "http://secunia.com/advisories/31256" }, { - "name": "https://issues.rpath.com/browse/RPL-2639", - "refsource": "CONFIRM", - "url": 
"https://issues.rpath.com/browse/RPL-2639" + "url": "http://secunia.com/advisories/32219", + "refsource": "MISC", + "name": "http://secunia.com/advisories/32219" }, { - "name": "31256", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31256" + "url": "http://secunia.com/advisories/33178", + "refsource": "MISC", + "name": "http://secunia.com/advisories/33178" }, { - "name": "FEDORA-2008-6094", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html" + "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { - "name": "32219", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/32219" + "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", + "refsource": "MISC", + "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756" }, { - "name": "[oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2008/07/02/3" + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0218", + "refsource": "MISC", + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0218" }, { - "name": "MDVSA-2008:140", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", + "refsource": "MISC", + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218" }, { - "name": "oval:org.mitre.oval:def:9863", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863" + "url": "http://www.debian.org/security/2008/dsa-1612", + "refsource": "MISC", + "name": "http://www.debian.org/security/2008/dsa-1612" }, { - "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0218", - "refsource": "CONFIRM", - "url": 
"http://wiki.rpath.com/Advisories:rPSA-2008-0218" + "url": "http://www.debian.org/security/2008/dsa-1618", + "refsource": "MISC", + "name": "http://www.debian.org/security/2008/dsa-1618" }, { - "name": "RHSA-2008:0561", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" }, { - "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", - "refsource": "CONFIRM", - "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756" + "url": "http://www.openwall.com/lists/oss-security/2008/07/02/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2008/07/02/3" }, { - "name": "DSA-1612", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2008/dsa-1612" + "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" }, { - "name": "GLSA-200812-17", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" + "url": "http://www.securityfocus.com/archive/1/494104/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/494104/100/0/threaded" }, { - "name": "33178", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/33178" + "url": "https://access.redhat.com/errata/RHSA-2008:0561", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2008:0561" }, { - "name": "30927", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/30927" + "url": "https://access.redhat.com/errata/RHSA-2008:0562", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2008:0562" }, { - "name": "20080708 rPSA-2008-0218-1 ruby", - "refsource": "BUGTRAQ", - "url": 
"http://www.securityfocus.com/archive/1/494104/100/0/threaded" + "url": "https://access.redhat.com/security/cve/CVE-2008-2376", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2008-2376" }, { - "name": "MDVSA-2008:142", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453589", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=453589" }, { - "name": "31181", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/31181" + "url": "https://issues.rpath.com/browse/RPL-2639", + "refsource": "MISC", + "name": "https://issues.rpath.com/browse/RPL-2639" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863" + }, + { + "url": "https://usn.ubuntu.com/651-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/651-1/" + }, + { + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html" + }, + { + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html" } ] } diff --git a/2009/2xxx/CVE-2009-2903.json b/2009/2xxx/CVE-2009-2903.json index ab8cc071054..5509f5c2108 100644 --- a/2009/2xxx/CVE-2009-2903.json +++ b/2009/2xxx/CVE-2009-2903.json 
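Review bot: Every entry in the added `affects` block carries `"version_affected": "!"`, which as far as I know marks a version as not affected in the 4.0 format, so the block lists only fixed Red Hat package builds and names no affected product. A consumer that matches on `affects` could conclude that nothing is vulnerable, and upstream Ruby is not mentioned at all. I would add an entry for the upstream product, with the bound taken from the removed description (before revision 17756), next to the fixed builds. The `affects` blocks added for CVE-2009-2906 and, in the part visible here, CVE-2010-2221 have the same shape.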
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-2903", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp\"N\" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams." + "value": "CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams" } ] }, 
@@ -44,88 +21,143 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Missing Release of Resource after Effective Lifetime", + "cweId": "CWE-772" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20090917 Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2009/09/17/11" + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" }, { - "name": "36379", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/36379" + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" }, { - "name": "SUSE-SA:2009:061", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" }, { - "name": "USN-852-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-852-1" + "url": "http://secunia.com/advisories/37909", + "refsource": "MISC", + "name": "http://secunia.com/advisories/37909" }, { - "name": "36707", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/36707" + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html", + "refsource": "MISC", + "name": 
"http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=522331", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522331" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329" }, { - "name": "MDVSA-2009:329", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329" + "url": "http://secunia.com/advisories/37105", + "refsource": "MISC", + "name": "http://secunia.com/advisories/37105" }, { - "name": "[oss-security] 20090914 CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2009/09/14/1" + "url": "http://www.ubuntu.com/usn/USN-852-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-852-1" }, { - "name": "SUSE-SA:2010:012", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414" }, { - "name": "37909", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/37909" + "url": "http://secunia.com/advisories/36707", + "refsource": "MISC", + "name": "http://secunia.com/advisories/36707" }, { - "name": "SUSE-SA:2009:064", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" + "url": "http://www.openwall.com/lists/oss-security/2009/09/14/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2009/09/14/1" }, { - "name": 
"http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commit;h=ffcfb8db540ff879c2a85bf7e404954281443414", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commit;h=ffcfb8db540ff879c2a85bf7e404954281443414" + "url": "http://www.openwall.com/lists/oss-security/2009/09/14/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2009/09/14/2" }, { - "name": "SUSE-SA:2010:013", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" + "url": "http://www.openwall.com/lists/oss-security/2009/09/17/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2009/09/17/11" }, { - "name": "37105", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/37105" + "url": "http://www.securityfocus.com/bid/36379", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/36379" }, { - "name": "[oss-security] 20090914 Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2009/09/14/2" + "url": "https://access.redhat.com/security/cve/CVE-2009-2903", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2009-2903" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522331", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=522331" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "ADJACENT_NETWORK", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 8.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": 
"NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" } ] } diff --git a/2009/2xxx/CVE-2009-2906.json b/2009/2xxx/CVE-2009-2906.json index b5d553e49eb..4730799ec05 100644 --- a/2009/2xxx/CVE-2009-2906.json +++ b/2009/2xxx/CVE-2009-2906.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-2906", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet." + "value": "CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply" } ] }, 
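Review bot: The added `impact.cvss` entry for CVE-2009-2903 rates confidentiality and integrity as `COMPLETE` (`AV:A/AC:L/Au:N/C:C/I:C/A:C`, base 8.3), which does not fit the rest of the record: the assigned weakness is CWE-772, and the description removed in the first hunk gives the impact as denial of service through memory consumption. Tools that prioritise on base score may then rank a memory leak alongside full-compromise issues. Unless the assigner has evidence of data exposure or tampering, the vector should read `"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C"`, with `confidentialityImpact` and `integrityImpact` set to `NONE` and `baseScore` recomputed to match.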
@@ -44,148 +21,256 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Loop with Unreachable Exit Condition ('Infinite Loop')", + "cweId": "CWE-835" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 3", + "version": { + "version_data": [ + { + "version_value": "0:3.0.9-1.3E.16", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:3.0.33-0.18.el4_8", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:3.0.33-3.15.el5_4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Supplementary for Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:3.3.8-0.46.el5", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://samba.org/samba/security/CVE-2009-2906.html", - "refsource": "CONFIRM", - "url": "http://samba.org/samba/security/CVE-2009-2906.html" + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", + "refsource": "MISC", + "name": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { - "name": "http://news.samba.org/releases/3.4.2/", - "refsource": "CONFIRM", - "url": "http://news.samba.org/releases/3.4.2/" + "url": "http://support.apple.com/kb/HT4077", + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT4077" }, { - "name": "20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat", - "refsource": "BUGTRAQ", - "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded" + "url": "http://secunia.com/advisories/36918", + "refsource": "MISC", + "name": "http://secunia.com/advisories/36918" }, { - "name": 
"oval:org.mitre.oval:def:9944", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944" + "url": "http://www.ubuntu.com/usn/USN-839-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-839-1" }, { - "name": "FEDORA-2009-10172", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html" + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145", + "refsource": "MISC", + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0145" }, { - "name": "APPLE-SA-2010-03-29-1", - "refsource": "APPLE", - "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/507856/100/0/threaded" }, { - "name": "http://news.samba.org/releases/3.2.15/", - "refsource": "CONFIRM", - "url": "http://news.samba.org/releases/3.2.15/" + "url": "https://access.redhat.com/errata/RHSA-2009:1529", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2009:1529" }, { - "name": "1021111", - "refsource": "SUNALERT", - "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1" + "url": "https://access.redhat.com/errata/RHSA-2009:1585", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2009:1585" }, { - "name": "58519", - "refsource": "OSVDB", - "url": "http://osvdb.org/58519" + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { - "name": "ADV-2009-2810", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2009/2810" + "url": "http://news.samba.org/releases/3.0.37/", + "refsource": "MISC", + "name": "http://news.samba.org/releases/3.0.37/" }, { - "name": "SSA:2009-276-01", 
- "refsource": "SLACKWARE", - "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439" + "url": "http://news.samba.org/releases/3.2.15/", + "refsource": "MISC", + "name": "http://news.samba.org/releases/3.2.15/" }, { - "name": "37428", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/37428" + "url": "http://news.samba.org/releases/3.3.8/", + "refsource": "MISC", + "name": "http://news.samba.org/releases/3.3.8/" }, { - "name": "36937", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/36937" + "url": "http://news.samba.org/releases/3.4.2/", + "refsource": "MISC", + "name": "http://news.samba.org/releases/3.4.2/" }, { - "name": "USN-839-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-839-1" + "url": "http://osvdb.org/58519", + "refsource": "MISC", + "name": "http://osvdb.org/58519" }, { - "name": "samba-smb-dos(53575)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575" + "url": "http://samba.org/samba/security/CVE-2009-2906.html", + "refsource": "MISC", + "name": "http://samba.org/samba/security/CVE-2009-2906.html" }, { - "name": "http://support.apple.com/kb/HT4077", - "refsource": "CONFIRM", - "url": "http://support.apple.com/kb/HT4077" + "url": "http://secunia.com/advisories/36893", + "refsource": "MISC", + "name": "http://secunia.com/advisories/36893" }, { - "name": "36573", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/36573" + "url": "http://secunia.com/advisories/36937", + "refsource": "MISC", + "name": "http://secunia.com/advisories/36937" }, { - "name": "http://news.samba.org/releases/3.0.37/", - "refsource": "CONFIRM", - "url": "http://news.samba.org/releases/3.0.37/" + "url": "http://secunia.com/advisories/36953", + "refsource": "MISC", + "name": "http://secunia.com/advisories/36953" }, { - "name": "oval:org.mitre.oval:def:7090", - "refsource": "OVAL", - "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090" + "url": "http://secunia.com/advisories/37428", + "refsource": "MISC", + "name": "http://secunia.com/advisories/37428" }, { - "name": "36918", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/36918" + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439", + "refsource": "MISC", + "name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439" }, { - "name": "1022976", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1022976" + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1", + "refsource": "MISC", + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1" }, { - "name": "36893", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/36893" + "url": "http://www.securityfocus.com/bid/36573", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/36573" }, { - "name": "http://news.samba.org/releases/3.3.8/", - "refsource": "CONFIRM", - "url": "http://news.samba.org/releases/3.3.8/" + "url": "http://www.securitytracker.com/id?1022976", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1022976" }, { - "name": "36953", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/36953" + "url": "http://www.vupen.com/english/advisories/2009/2810", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2009/2810" }, { - "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0145", - "refsource": "CONFIRM", - "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145" + "url": "https://access.redhat.com/errata/RHSA-2009:1528", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2009:1528" }, { - "name": "SUSE-SR:2009:017", - "refsource": "SUSE", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + "url": "https://access.redhat.com/security/cve/CVE-2009-2906", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2009-2906" }, { - "name": "FEDORA-2009-10180", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526645", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526645" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944" + }, + { + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html" + }, + { + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "ADJACENT_NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 2.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": 
"NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2067.json b/2010/2xxx/CVE-2010-2067.json index 373db4218d5..2c2b64e81c5 100644 --- a/2010/2xxx/CVE-2010-2067.json +++ b/2010/2xxx/CVE-2010-2067.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2067", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file." + "value": "CVE-2010-2067 libtiff: SubjectDistance EXIF tag reading stack based buffer overflow" } ] }, 
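Review bot: All references for CVE-2009-2906 are rewritten to `"refsource": "MISC"` with `name` set to a copy of `url`, which discards the advisory identifiers and source classification the old entries carried (for example `"name": "USN-839-1"` with `"refsource": "UBUNTU"`, and `CONFIRM` on the samba.org release pages). Tooling that picks out vendor-confirmed fixes or cross-references advisories by ID is left with only URLs to parse. I would keep the original `name`/`refsource` pair on entries that already had one and use `MISC` only for the newly added Red Hat links. The second hunks of CVE-2008-2376, CVE-2009-2903 and CVE-2010-2067, and the visible part of CVE-2010-2221, are flattened the same way.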
@@ -44,83 +21,138 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Stack-based Buffer Overflow", + "cweId": "CWE-121" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "40241", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40241" + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" }, { - "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2212", - "refsource": "CONFIRM", - "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2212" + "url": "http://secunia.com/advisories/50726", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50726" }, { - "name": "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201209-02.xml" }, { - "name": "ADV-2010-1638", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1638" + "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127731610612908&w=2" }, { - "name": "SSA:2010-180-02", - "refsource": "SLACKWARE", - "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424" + "url": "http://secunia.com/advisories/40381", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40381" }, { - "name": "65676", - "refsource": "OSVDB", - "url": "http://osvdb.org/65676" + "url": 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424", + "refsource": "MISC", + "name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424" }, { - "name": "USN-954-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-954-1" + "url": "http://www.ubuntu.com/usn/USN-954-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-954-1" }, { - "name": "http://www.remotesensing.org/libtiff/v3.9.4.html", - "refsource": "CONFIRM", - "url": "http://www.remotesensing.org/libtiff/v3.9.4.html" + "url": "http://www.vupen.com/english/advisories/2010/1638", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1638" }, { - "name": "GLSA-201209-02", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2212", + "refsource": "MISC", + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2212" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=599576", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599576" + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874", + "refsource": "MISC", + "name": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874" }, { - "name": "20100621 Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability", - "refsource": "IDEFENSE", - "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874" + "url": "http://osvdb.org/65676", + "refsource": "MISC", + "name": "http://osvdb.org/65676" }, { - "name": "SUSE-SR:2010:014", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + "url": "http://secunia.com/advisories/40241", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40241" }, { - "name": "40381", - "refsource": "SECUNIA", - "url": 
"http://secunia.com/advisories/40381" + "url": "http://www.remotesensing.org/libtiff/v3.9.4.html", + "refsource": "MISC", + "name": "http://www.remotesensing.org/libtiff/v3.9.4.html" }, { - "name": "50726", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50726" + "url": "https://access.redhat.com/security/cve/CVE-2010-2067", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2067" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599576", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=599576" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2221.json b/2010/2xxx/CVE-2010-2221.json index e8d10d0f237..a4b6a4e0fe9 100644 --- a/2010/2xxx/CVE-2010-2221.json +++ b/2010/2xxx/CVE-2010-2221.json 
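Review bot: The added `affects` block for CVE-2010-2067 names no product: `vendor_name`, `product_name` and `version_value` are all `"n/a"`, and `"version_affected": "="` then asserts equality with that placeholder. Together with the shortened description, the record no longer carries the bound from the removed text (LibTIFF before 3.9.4). I would fill the entry from that text, e.g. `"product_name": "LibTIFF"`, `"version_value": "3.9.4"`, `"version_affected": "<"`. CVE-2009-2903 gets the same placeholder block in its second hunk.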
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2221", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU." + "value": "CVE-2010-2221 scsi-target-utils: stack buffer overflow vulnerability" } ] }, 
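Review bot: The new `description` value `CVE-2010-2221 scsi-target-utils: stack buffer overflow vulnerability` drops the affected components and version bounds the removed text carried (tgt before 1.0.6, IET 1.4.20.1 and earlier, SCST 1.0.1.1 and earlier) and the trigger conditions (a long iSCSI Name in an SCN message, or an invalid PDU). The `affects` block added in this file's next hunk lists only a Red Hat Enterprise Linux 5 package, so a consumer matching on upstream product or version can no longer tell from this record that IET and SCST are in scope. I would keep the original sentence as the `eng` description and carry the tracker title in a separate entry if it is needed. The same replacement occurs in the first hunks of CVE-2010-2233, CVE-2010-2235, CVE-2010-2240 and CVE-2010-2248.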
@@ -44,113 +21,173 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Stack-based Buffer Overflow", + "cweId": "CWE-121" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:0.0-6.20091205snap.el5_5.3", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793", - "refsource": "CONFIRM", - "url": "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793" + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { - "name": "20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow", - "refsource": "BUGTRAQ", - "url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131" }, { - "name": "ADV-2010-1760", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1760" + "url": "http://www.vupen.com/english/advisories/2010/1786", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1786" }, { - "name": "20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow", - "refsource": "FULLDISC", - "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html" + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html", + "refsource": "MISC", + "name": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html" }, { - "name": "65992", - 
"refsource": "OSVDB", - "url": "http://www.osvdb.org/65992" + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html", + "refsource": "MISC", + "name": "http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html" }, { - "name": "MDVSA-2010:131", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131" + "url": "http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html", + "refsource": "MISC", + "name": "http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html" }, { - "name": "65990", - "refsource": "OSVDB", - "url": "http://www.osvdb.org/65990" + "url": "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793", + "refsource": "MISC", + "name": "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793" }, { - "name": "41327", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/41327" + "url": "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793", + "refsource": "MISC", + "name": "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793" }, { - "name": "RHSA-2010:0518", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0518.html" + "url": "http://secunia.com/advisories/40485", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40485" }, { - "name": "65991", - "refsource": "OSVDB", - "url": "http://www.osvdb.org/65991" + "url": "http://secunia.com/advisories/40494", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40494" }, { - "name": "[iscsitarget-devel] 20100701 [patch] fix iSNS bounds checking", - "refsource": "MLIST", - "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel" + "url": "http://secunia.com/advisories/40495", + "refsource": "MISC", + "name": 
"http://secunia.com/advisories/40495" }, { - "name": "40485", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40485" + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel", + "refsource": "MISC", + "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel" }, { - "name": "[stgt] 20100701 1.0.6 released", - "refsource": "MLIST", - "url": "http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html" + "url": "http://www.osvdb.org/65990", + "refsource": "MISC", + "name": "http://www.osvdb.org/65990" }, { - "name": "SUSE-SR:2010:017", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + "url": "http://www.osvdb.org/65991", + "refsource": "MISC", + "name": "http://www.osvdb.org/65991" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=593877", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=593877" + "url": "http://www.osvdb.org/65992", + "refsource": "MISC", + "name": "http://www.osvdb.org/65992" }, { - "name": "40494", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40494" + "url": "http://www.redhat.com/support/errata/RHSA-2010-0518.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0518.html" }, { - "name": "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793", - "refsource": "CONFIRM", - "url": "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793" + "url": "http://www.securityfocus.com/bid/41327", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/41327" }, { - "name": "ADV-2010-1786", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1786" + "url": 
"http://www.securitytracker.com/id?1024175", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1024175" }, { - "name": "1024175", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1024175" + "url": "http://www.vupen.com/english/advisories/2010/1760", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1760" }, { - "name": "40495", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40495" + "url": "https://access.redhat.com/errata/RHSA-2010:0518", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0518" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2010-2221", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2221" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=593877", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=593877" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 6.8, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2233.json b/2010/2xxx/CVE-2010-2233.json index 1f80ab588bb..29014d378f9 100644 --- a/2010/2xxx/CVE-2010-2233.json +++ b/2010/2xxx/CVE-2010-2233.json 
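Review bot: Every reference in this hunk is rewritten to `"refsource": "MISC"` with `name` set to the URL, which discards the advisory identifiers and source classes the old entries carried (for example `RHSA-2010:0518` / `REDHAT`, `MDVSA-2010:131` / `MANDRIVA`, and the `CONFIRM` tag on the SCST revision link). Tooling that filters on `refsource` to find vendor-confirmed fixes, or that maps advisory IDs to CVEs through `name`, will now see only untyped links. I would retain the original pair where it is known, e.g. `"refsource": "REDHAT", "name": "RHSA-2010:0518"`, and use `MISC` only for the newly added URLs. The reference hunks of the other files in this diff show the same pattern.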
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2233", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to \"downsampled OJPEG input.\"" + "value": "CVE-2010-2233 libtiff: incorrect type extension for negative toskew values on 64bit platforms" } ] }, 
@@ -44,58 +21,113 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" - }, - { - "name": "1024150", - "refsource": "SECTRACK", - "url": "http://securitytracker.com/id?1024150" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607198", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607198" - }, - { - "name": "GLSA-201209-02", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name": "40422", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40422" - }, - { - "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2207", - "refsource": "CONFIRM", - "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2207" - }, - { - "name": "http://www.remotesensing.org/libtiff/v3.9.4.html", + "url": "http://secunia.com/advisories/50726", "refsource": "MISC", - "url": "http://www.remotesensing.org/libtiff/v3.9.4.html" + "name": "http://secunia.com/advisories/50726" }, { - "name": "50726", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50726" + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201209-02.xml" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081" + "url": 
"http://marc.info/?l=oss-security&m=127731610612908&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + }, + { + "url": "http://www.remotesensing.org/libtiff/v3.9.4.html", + "refsource": "MISC", + "name": "http://www.remotesensing.org/libtiff/v3.9.4.html" + }, + { + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2207", + "refsource": "MISC", + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2207" + }, + { + "url": "http://secunia.com/advisories/40422", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40422" + }, + { + "url": "http://securitytracker.com/id?1024150", + "refsource": "MISC", + "name": "http://securitytracker.com/id?1024150" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2010-2233", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2233" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607198", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607198" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "version": "2.0" } ] } 
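Review bot: The added `affects` entry pairs `"version_value": "n/a"` with `"version_affected": "="` under vendor and product `n/a`, so the record formally asserts that a version literally named "n/a" is affected while the `impact` block scores the issue 7.5. The description removed in this file's first hunk named LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms; with that text gone, nothing structured in the record identifies the affected software. I would either populate the product entry from that information or drop `version_affected` from the placeholder so it is not read as a real comparison.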
diff --git a/2010/2xxx/CVE-2010-2235.json b/2010/2xxx/CVE-2010-2235.json index 83cd2cee920..340aa61a251 100644 --- a/2010/2xxx/CVE-2010-2235.json +++ b/2010/2xxx/CVE-2010-2235.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2235", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954." + "value": "CVE-2010-2235 RHN Satellite (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file" } ] }, 
@@ -44,28 +21,88 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + "cweId": "CWE-96" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Network Satellite Server v 5.3", + "version": { + "version_data": [ + { + "version_value": "0:1.6.6-15.el5sat", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607662", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662" + "url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz", + "refsource": "MISC", + "name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz" }, { - "name": "RHSA-2010:0775", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html" + "url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0775.html" }, { - "name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz", - "refsource": "CONFIRM", - "url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz" + "url": "https://access.redhat.com/errata/RHSA-2010:0775", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0775" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2010-2235", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2235" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607662" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "HIGH", + "accessVector": "NETWORK", + "authentication": "SINGLE", + 
"availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.1, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2240.json b/2010/2xxx/CVE-2010-2240.json index 56ae48a7eea..418d6984244 100644 --- a/2010/2xxx/CVE-2010-2240.json +++ b/2010/2xxx/CVE-2010-2240.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2240", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server." + "value": "CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment" } ] }, 
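Review bot: `"temporalScore": 0` and `"environmentalScore": 0` are emitted although every temporal and environmental metric in this block is `NOT_DEFINED`. Under CVSS v2, undefined metrics leave those scores equal to the base score, so a consumer reading the numeric fields could take 0 as an assessed value and rank this 7.1 issue as negligible. I would omit the two score keys when the metric group has not been assessed, or use `null` if the consuming schema permits it (to be confirmed). The `impact` blocks added for CVE-2010-2221, CVE-2010-2233 and CVE-2010-2240 carry the same values.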
@@ -44,118 +21,274 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "MRG for RHEL-5", + "version": { + "version_data": [ + { + "version_value": "0:2.6.24.7-161.el5rt", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 3 Extended Lifecycle Support", + "version": { + "version_data": [ + { + "version_value": "0:2.4.21-66.EL", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:2.6.9-89.0.29.EL", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 4.7 Z Stream", + "version": { + "version_data": [ + { + "version_value": "0:2.6.9-78.0.32.EL", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:2.6.18-194.11.3.el5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5.3.Z - Server Only", + "version": { + "version_data": [ + { + "version_value": "0:2.6.18-128.23.1.el5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5.4.Z - Server Only", + "version": { + "version_data": [ + { + "version_value": "0:2.6.18-164.25.1.el5", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52" - }, - { - "name": "MDVSA-2010:198", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name": "RHSA-2010:0670", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html" - }, - { - "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4" - }, - { - "name": "oval:org.mitre.oval:def:13247", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247" - }, - { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893" - }, - { - "name": "RHSA-2010:0660", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html" - }, - { - "name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", - "refsource": "CONFIRM", - "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=606611", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=606611" - }, - { - "name": "RHSA-2010:0661", - "refsource": "REDHAT", - "url": "https://rhn.redhat.com/errata/RHSA-2010-0661.html" - }, - { - "name": "RHSA-2010:0882", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html" - }, - { - "name": "MDVSA-2011:051", - "refsource": "MANDRIVA", - "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2" - }, - { - "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", - "refsource": "CONFIRM", - "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" - }, - { - "name": "DSA-2094", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2010/dsa-2094" - }, - { - "name": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051", "refsource": "MISC", - "url": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf" + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" }, { - "name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", - "refsource": "MLIST", - "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" + "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0882.html" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19" + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", + "refsource": "MISC", + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" }, { - "name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", - "refsource": "BUGTRAQ", - "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded" + "url": 
"https://access.redhat.com/errata/RHSA-2010:0882", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0882" }, { - "name": "MDVSA-2010:172", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172" + "url": "https://access.redhat.com/errata/RHSA-2010:0631", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0631" }, { - "name": "1024344", - "refsource": "SECTRACK", - "url": "http://securitytracker.com/id?1024344" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "url": "http://www.debian.org/security/2010/dsa-2094", + "refsource": "MISC", + "name": "http://www.debian.org/security/2010/dsa-2094" + }, + { + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2" + }, + { + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893" + }, + { + "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html", + "refsource": "MISC", + "name": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" + }, + { + "url": "http://securitytracker.com/id?1024344", + "refsource": "MISC", + "name": "http://securitytracker.com/id?1024344" + }, + { + "url": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf", + "refsource": "MISC", + "name": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf" + }, + { + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52", + "refsource": "MISC", + "name": 
"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52" + }, + { + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19" + }, + { + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4" + }, + { + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172" + }, + { + "url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0660.html" + }, + { + "url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0670.html" + }, + { + "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/517739/100/0/threaded" + }, + { + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", + "refsource": "MISC", + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2010:0660", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0660" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2010:0661", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0661" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2010:0670", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0670" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2010:0676", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0676" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2010:0677", + 
"refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0677" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2010-2240", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2240" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=606611", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=606611" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247" + }, + { + "url": "https://rhn.redhat.com/errata/RHSA-2010-0661.html", + "refsource": "MISC", + "name": "https://rhn.redhat.com/errata/RHSA-2010-0661.html" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.2, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2248.json b/2010/2xxx/CVE-2010-2248.json index cd4b1f6ce5e..ef826ff3fa4 100644 --- a/2010/2xxx/CVE-2010-2248.json +++ b/2010/2xxx/CVE-2010-2248.json 
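Review bot: The kernel.org gitweb reference is rewritten from `...linux-2.6.git;a=commit;h=320b2b8d...` to `...linux-2.6.git%3Ba=commit%3Bh=320b2b8d...`, percent-encoding the semicolons that separated the query parameters in the old URL. With `%3B`, the `a=` and `h=` parts are probably read as part of the `p` value, so the link likely no longer resolves to the fixing commit. I would keep the literal form in both `url` and `name`: `"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893"`.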
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2248", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions." + "value": "CVE-2010-2248 kernel: cifs: Fix a kernel BUG with remote OS/2 server" } ] }, 
@@ -44,98 +21,190 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Reachable Assertion", + "cweId": "CWE-617" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "MRG for RHEL-5", + "version": { + "version_data": [ + { + "version_value": "0:2.6.24.7-161.el5rt", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:2.6.9-89.0.28.EL", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:2.6.18-194.11.1.el5", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2010:0610", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" }, { - "name": "USN-1000-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1000-1" + "url": "https://access.redhat.com/errata/RHSA-2010:0631", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0631" }, { - "name": "[oss-security] 20100628 CVE request - kernel: cifs: Fix a kernel BUG with remote OS/2 server", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/28/1" + "url": "http://secunia.com/advisories/43315", + "refsource": "MISC", + "name": "http://secunia.com/advisories/43315" }, { - "name": "RHSA-2010:0606", - "refsource": "REDHAT", - "url": "https://rhn.redhat.com/errata/RHSA-2010-0606.html" + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { - "name": 
"http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc4", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc4" + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "MISC", + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { - "name": "MDVSA-2010:198", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" }, { - "name": "42242", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/42242" + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" }, { - "name": "SUSE-SA:2010:060", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + "url": "http://www.debian.org/security/2010/dsa-2094", + "refsource": "MISC", + "name": "http://www.debian.org/security/2010/dsa-2094" }, { - "name": "[oss-security] 20100628 Re: CVE request - kernel: cifs: Fix a kernel BUG with remote OS/2 server", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/28/6" + "url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0610.html" }, { - "name": "MDVSA-2011:051", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + "url": "http://www.ubuntu.com/usn/USN-1000-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1000-1" }, { - "name": "43315", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/43315" + "url": 
"https://access.redhat.com/errata/RHSA-2010:0610", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0610" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608583", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608583" + "url": "https://access.redhat.com/errata/RHSA-2010:0606", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0606" }, { - "name": "DSA-2094", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2010/dsa-2094" + "url": "https://rhn.redhat.com/errata/RHSA-2010-0606.html", + "refsource": "MISC", + "name": "https://rhn.redhat.com/errata/RHSA-2010-0606.html" }, { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6513a81e9325d712f1bfb9a1d7b750134e49ff18", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6513a81e9325d712f1bfb9a1d7b750134e49ff18" + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6513a81e9325d712f1bfb9a1d7b750134e49ff18", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6513a81e9325d712f1bfb9a1d7b750134e49ff18" }, { - "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource": "CONFIRM", - "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + "url": "http://securitytracker.com/id?1024285", + "refsource": "MISC", + "name": "http://securitytracker.com/id?1024285" }, { - "name": "1024285", - "refsource": "SECTRACK", - "url": "http://securitytracker.com/id?1024285" + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc4", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc4" }, { - "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update 
Manager, ESXi and ESX", - "refsource": "BUGTRAQ", - "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + "url": "http://www.openwall.com/lists/oss-security/2010/06/28/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/28/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2010/06/28/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/28/6" + }, + { + "url": "http://www.securityfocus.com/bid/42242", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/42242" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2010-2248", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2248" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608583", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608583" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.1, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2249.json b/2010/2xxx/CVE-2010-2249.json index 8a714486402..139b7036828 100644 --- a/2010/2xxx/CVE-2010-2249.json +++ b/2010/2xxx/CVE-2010-2249.json 
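Review bot: Every reference in this hunk is rewritten to `"refsource": "MISC"` with `"name"` set to the URL, which removes the advisory identifiers (`RHSA-2010:0610`, `USN-1000-1`, `DSA-2094`, `MDVSA-2010:198`) and the `CONFIRM` marking on the kernel.org and bugzilla links. Tooling that correlates records by advisory ID, or that weights vendor-confirmed sources, cannot do so from the new entries; keeping the original pair next to the URL, e.g. `"name": "RHSA-2010:0610", "refsource": "REDHAT"`, avoids that. The gitweb link also has its `;` separators rewritten to `%3B` (`linux-2.6.git%3Ba=commit%3Bh=6513a81e...`), which may not resolve as the same query and is worth checking before merge. The second hunks of CVE-2010-2249, CVE-2010-2478 and CVE-2010-2481 follow the same pattern.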
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2249", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks." + "value": "CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images" } ] }, 
@@ -44,213 +21,303 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Missing Release of Memory after Effective Lifetime", + "cweId": "CWE-401" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 3", + "version": { + "version_data": [ + { + "version_value": "2:1.2.2-30", + "version_affected": "!" + }, + { + "version_value": "0:1.0.13-21", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "2:1.2.7-3.el4_8.3", + "version_affected": "!" + }, + { + "version_value": "0:1.0.16-3.el4_8.4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "2:1.2.10-7.1.el5_5.3", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20", - "refsource": "CONFIRM", - "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", + "refsource": "MISC", + "name": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { - "name": "MDVSA-2010:133", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" + "url": "http://support.apple.com/kb/HT4435", + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT4435" }, { - "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", - "refsource": "CONFIRM", - "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" }, { - "name": "41174", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/41174" + "url": "http://www.libpng.org/pub/png/libpng.html", + "refsource": "MISC", + "name": "http://www.libpng.org/pub/png/libpng.html" }, { - "name": "ADV-2010-1877", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1877" + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html", + "refsource": "MISC", + "name": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" }, { - "name": "ADV-2010-3045", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/3045" + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", + "refsource": "MISC", + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" }, { - "name": "1024723", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1024723" + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20", + "refsource": "MISC", + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20" }, { - "name": "http://support.apple.com/kb/HT4435", - "refsource": "CONFIRM", - "url": "http://support.apple.com/kb/HT4435" + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html", + "refsource": "MISC", + "name": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" }, { - "name": "ADV-2010-1837", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1837" + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html", + "refsource": "MISC", + "name": 
"http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" }, { - "name": "http://support.apple.com/kb/HT4457", - "refsource": "CONFIRM", - "url": "http://support.apple.com/kb/HT4457" + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html", + "refsource": "MISC", + "name": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" }, { - "name": "ADV-2010-1755", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1755" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" }, { - "name": "ADV-2010-3046", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/3046" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" }, { - "name": "40472", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40472" + "url": "http://secunia.com/advisories/40302", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40302" }, { - "name": "http://support.apple.com/kb/HT4566", - "refsource": "CONFIRM", - "url": "http://support.apple.com/kb/HT4566" + "url": "http://secunia.com/advisories/40336", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40336" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608644", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" + "url": "http://secunia.com/advisories/40472", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40472" }, { - "name": "40302", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40302" + "url": "http://secunia.com/advisories/40547", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40547" }, { 
- "name": "APPLE-SA-2010-11-10-1", - "refsource": "APPLE", - "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + "url": "http://secunia.com/advisories/41574", + "refsource": "MISC", + "name": "http://secunia.com/advisories/41574" }, { - "name": "40336", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40336" + "url": "http://secunia.com/advisories/42314", + "refsource": "MISC", + "name": "http://secunia.com/advisories/42314" }, { - "name": "libpng-scal-dos(59816)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" + "url": "http://secunia.com/advisories/42317", + "refsource": "MISC", + "name": "http://secunia.com/advisories/42317" }, { - "name": "41574", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/41574" + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061", + "refsource": "MISC", + "name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061" }, { - "name": "USN-960-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-960-1" + "url": "http://support.apple.com/kb/HT4456", + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT4456" }, { - "name": "http://www.libpng.org/pub/png/libpng.html", - "refsource": "CONFIRM", - "url": "http://www.libpng.org/pub/png/libpng.html" + "url": "http://support.apple.com/kb/HT4457", + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT4457" }, { - "name": "APPLE-SA-2011-03-02-1", - "refsource": "APPLE", - "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + "url": "http://support.apple.com/kb/HT4554", + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT4554" }, { - "name": "42317", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/42317" + "url": "http://support.apple.com/kb/HT4566", + "refsource": "MISC", + "name": 
"http://support.apple.com/kb/HT4566" }, { - "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", - "refsource": "MLIST", - "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" + "url": "http://www.debian.org/security/2010/dsa-2072", + "refsource": "MISC", + "name": "http://www.debian.org/security/2010/dsa-2072" }, { - "name": "FEDORA-2010-10823", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" }, { - "name": "DSA-2072", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2010/dsa-2072" + "url": "http://www.securityfocus.com/bid/41174", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/41174" }, { - "name": "40547", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40547" + "url": "http://www.securitytracker.com/id?1024723", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1024723" }, { - "name": "42314", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/42314" + "url": "http://www.ubuntu.com/usn/USN-960-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-960-1" }, { - "name": "ADV-2010-1637", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1637" + "url": "http://www.vupen.com/english/advisories/2010/1612", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1612" }, { - "name": "http://support.apple.com/kb/HT4554", - "refsource": "CONFIRM", - "url": "http://support.apple.com/kb/HT4554" + "url": "http://www.vupen.com/english/advisories/2010/1637", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1637" }, { - "name": "SUSE-SR:2010:017", - "refsource": 
"SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + "url": "http://www.vupen.com/english/advisories/2010/1755", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1755" }, { - "name": "APPLE-SA-2011-03-09-2", - "refsource": "APPLE", - "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + "url": "http://www.vupen.com/english/advisories/2010/1837", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1837" }, { - "name": "SSA:2010-180-01", - "refsource": "SLACKWARE", - "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061" + "url": "http://www.vupen.com/english/advisories/2010/1846", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1846" }, { - "name": "FEDORA-2010-10833", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" + "url": "http://www.vupen.com/english/advisories/2010/1877", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1877" }, { - "name": "http://support.apple.com/kb/HT4456", - "refsource": "CONFIRM", - "url": "http://support.apple.com/kb/HT4456" + "url": "http://www.vupen.com/english/advisories/2010/2491", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/2491" }, { - "name": "ADV-2010-2491", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/2491" + "url": "http://www.vupen.com/english/advisories/2010/3045", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/3045" }, { - "name": "ADV-2010-1846", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1846" + "url": "http://www.vupen.com/english/advisories/2010/3046", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/3046" }, { - "name": "APPLE-SA-2010-11-22-1", - 
"refsource": "APPLE", - "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + "url": "https://access.redhat.com/errata/RHSA-2010:0534", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0534" }, { - "name": "ADV-2010-1612", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1612" + "url": "https://access.redhat.com/security/cve/CVE-2010-2249", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2249" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608644", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608644" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59816" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2478.json b/2010/2xxx/CVE-2010-2478.json index 47d110f8f56..8a3ca4a14cf 100644 --- a/2010/2xxx/CVE-2010-2478.json +++ b/2010/2xxx/CVE-2010-2478.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2478", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084." + "value": "CVE-2010-2478 kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL" } ] }, 
@@ -44,63 +21,118 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608950", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608950" + "url": "http://www.ubuntu.com/usn/USN-1000-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1000-1" }, { - "name": "USN-1000-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1000-1" + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" }, { - "name": "[oss-security] 20100629 kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/29/1" + "url": "http://article.gmane.org/gmane.linux.network/164869", + "refsource": "MISC", + "name": "http://article.gmane.org/gmane.linux.network/164869" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7" + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233" }, { - "name": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db048b69037e7fa6a7d9e95a1271a50dc08ae233", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db048b69037e7fa6a7d9e95a1271a50dc08ae233" + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7" }, { - "name": "SUSE-SA:2010:040", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" + "url": "http://www.openwall.com/lists/oss-security/2010/06/29/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/29/1" }, { - "name": "[netdev] 20100628 [PATCH net-2.6 1/2] ethtool: Fix potential kernel buffer overflow in ETHTOOL_GRXCLSRLALL", - "refsource": "MLIST", - "url": "http://article.gmane.org/gmane.linux.network/164869" + "url": "http://www.openwall.com/lists/oss-security/2010/06/29/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/29/3" }, { - "name": "[oss-security] 20100629 Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/29/3" + "url": "http://www.openwall.com/lists/oss-security/2010/06/30/17", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/30/17" }, { - "name": "41223", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/41223" + "url": "http://www.securityfocus.com/bid/41223", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/41223" }, { - "name": "[oss-security] 20100630 Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/30/17" + "url": "https://access.redhat.com/security/cve/CVE-2010-2478", + "refsource": "MISC", + 
"name": "https://access.redhat.com/security/cve/CVE-2010-2478" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608950", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608950" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.2, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2481.json b/2010/2xxx/CVE-2010-2481.json index 9d9bfd8d7ae..b708e52f4fc 100644 --- a/2010/2xxx/CVE-2010-2481.json +++ b/2010/2xxx/CVE-2010-2481.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2481", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file." + "value": "CVE-2010-2481 libtiff: TIFFExtractData out-of-bounds read crash" } ] }, 
@@ -44,73 +21,149 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Out-of-bounds Read", + "cweId": "CWE-125" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:3.6.1-12.el4_8.5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:3.8.2-7.el5_5.5", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127736307002102&w=2" + "url": "http://secunia.com/advisories/50726", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50726" }, { - "name": "40527", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40527" + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201209-02.xml" }, { - "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127781315415896&w=2" + "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127731610612908&w=2" }, { - "name": "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210", + "refsource": "MISC", + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2210" }, { - "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2210", - "refsource": "CONFIRM", - "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210" + "url": 
"http://marc.info/?l=oss-security&m=127736307002102&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127736307002102&w=2" }, { - "name": "ADV-2010-1761", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1761" + "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127738540902757&w=2" }, { - "name": "GLSA-201209-02", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + "url": "http://marc.info/?l=oss-security&m=127781315415896&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127781315415896&w=2" }, { - "name": "RHSA-2010:0519", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html" + "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127797353202873&w=2" }, { - "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2" + "url": "http://secunia.com/advisories/40527", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40527" }, { - "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2" + "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/30/22" }, { - "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22" + "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0519.html" }, { - "name": "50726", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50726" + 
"url": "http://www.vupen.com/english/advisories/2010/1761", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1761" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2010:0519", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0519" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2010-2481", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2481" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611895", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=611895" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2482.json b/2010/2xxx/CVE-2010-2482.json index 6f63e008e6e..2d7be28409b 100644 --- a/2010/2xxx/CVE-2010-2482.json +++ b/2010/2xxx/CVE-2010-2482.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2482", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443." + "value": "CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash" } ] }, 
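Review bot: The new `description` value, `CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash`, names two CVE IDs in the record for CVE-2010-2482, although the sentence it replaces said this is a different vulnerability than CVE-2010-2443. It also drops the affected range (LibTIFF 3.9.4 and earlier) and the trigger (an invalid td_stripbytecount field in a crafted TIFF file), which are what a reader needs for triage. I would keep the removed sentence as the `value` and carry the tracker title in a separate field if it is needed at all. The first hunks of CVE-2010-2483, CVE-2011-1091, CVE-2011-1093 and CVE-2011-1098 make the same swap and lose version ranges and function names the same way.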
@@ -44,73 +21,128 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127736307002102&w=2" + "url": "http://secunia.com/advisories/50726", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50726" }, { - "name": "https://bugs.launchpad.net/bugs/597246", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/bugs/597246" + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201209-02.xml" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608010", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010" + "url": "http://www.debian.org/security/2012/dsa-2552", + "refsource": "MISC", + "name": "http://www.debian.org/security/2012/dsa-2552" }, { - "name": "DSA-2552", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2012/dsa-2552" + "url": "http://secunia.com/advisories/40422", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40422" }, { - "name": "GLSA-201209-02", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + "url": "http://marc.info/?l=oss-security&m=127736307002102&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127736307002102&w=2" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=603024", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603024" + "url": 
"http://marc.info/?l=oss-security&m=127738540902757&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127738540902757&w=2" }, { - "name": "40422", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40422" + "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127797353202873&w=2" }, { - "name": "http://bugzilla.maptools.org/show_bug.cgi?id=1996", - "refsource": "CONFIRM", - "url": "http://bugzilla.maptools.org/show_bug.cgi?id=1996" + "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/30/22" }, { - "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2" + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=1996", + "refsource": "MISC", + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=1996" }, { - "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2" + "url": "https://access.redhat.com/security/cve/CVE-2010-2482", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2482" }, { - "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22" + "url": "https://bugs.launchpad.net/bugs/597246", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/bugs/597246" }, { - "name": "50726", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50726" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603024", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=603024" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010", + "refsource": "MISC", + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=608010" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2010/2xxx/CVE-2010-2483.json b/2010/2xxx/CVE-2010-2483.json index 73c30a9eeba..d35dd3b4089 100644 --- a/2010/2xxx/CVE-2010-2483.json +++ b/2010/2xxx/CVE-2010-2483.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2483", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values." + "value": "CVE-2010-2483 libtiff: out-of-bounds read crash on images with invalid SamplesPerPixel values" } ] }, 
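Review bot: The re-added `affects` block for CVE-2010-2482 still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and now adds `"version_affected": "="`, which states that the affected version equals the literal string n/a. The description removed in the previous hunk named LibTIFF 3.9.4 and earlier, so the entry could name that product and range, or leave `version_affected` out while the version is unknown. The `cvss` object in the same hunk sets `"temporalScore": 0` and `"environmentalScore": 0` although every temporal and environmental metric is `NOT_DEFINED`. A consumer that prefers those scores over `baseScore` when they are present would rank the record as 0, so omitting the two keys looks safer.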
@@ -44,88 +21,164 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Out-of-bounds Read", + "cweId": "CWE-125" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:3.6.1-12.el4_8.5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:3.8.2-7.el5_5.5", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605" + "url": "http://secunia.com/advisories/50726", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50726" }, { - "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127736307002102&w=2" + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201209-02.xml" }, { - "name": "40527", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40527" + "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127731610612908&w=2" }, { - "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127781315415896&w=2" + "url": "http://secunia.com/advisories/40422", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40422" }, { - "name": "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + "url": 
"http://marc.info/?l=oss-security&m=127736307002102&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127736307002102&w=2" }, { - "name": "ADV-2010-1761", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2010/1761" + "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127738540902757&w=2" }, { - "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2216", - "refsource": "CONFIRM", - "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2216" + "url": "http://marc.info/?l=oss-security&m=127781315415896&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127781315415896&w=2" }, { - "name": "GLSA-201209-02", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=oss-security&m=127797353202873&w=2" }, { - "name": "RHSA-2010:0519", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html" + "url": "http://secunia.com/advisories/40527", + "refsource": "MISC", + "name": "http://secunia.com/advisories/40527" }, { - "name": "40422", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/40422" + "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/06/30/22" }, { - "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2" + "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2010-0519.html" }, { - "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2" + "url": 
"http://www.vupen.com/english/advisories/2010/1761", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2010/1761" }, { - "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22" + "url": "https://access.redhat.com/errata/RHSA-2010:0519", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2010:0519" }, { - "name": "50726", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50726" + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2216", + "refsource": "MISC", + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2216" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=603081", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603081" + "url": "https://access.redhat.com/security/cve/CVE-2010-2483", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2010-2483" + }, + { + "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603081", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=603081" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611900", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=611900" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": 
"NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2011/1xxx/CVE-2011-1091.json b/2011/1xxx/CVE-2011-1091.json index 2705fbd4d1e..8bca66d5ff1 100644 --- a/2011/1xxx/CVE-2011-1091.json +++ b/2011/1xxx/CVE-2011-1091.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1091", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message." + "value": "CVE-2011-1091 Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in" } ] }, 
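Review bot: Every `version_data` entry added for CVE-2010-2483 is marked `"version_affected": "!"`, for example `"version_value": "0:3.6.1-12.el4_8.5"` under Red Hat Enterprise Linux 4. In the CVE JSON 4.0 format that marks a version as not affected, so the record lists only fixed builds and says nothing about what is affected. With the upstream statement (LibTIFF 3.9.0) also removed from the description in the previous hunk, a scanner that matches on affected entries finds no affected product here. I would add the affected range beside each fixed build (presumably a `"version_affected": "<"` entry for the same build, to be confirmed against the errata) or keep an upstream LibTIFF product entry. The second hunks of CVE-2011-1091 and CVE-2011-1093, and the hunk that starts for CVE-2011-1098, have the same shape.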
@@ -44,113 +21,200 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 4", + "version": { + "version_data": [ + { + "version_value": "0:2.6.6-7.el4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:2.6.6-5.el5_7.1", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "0:2.7.9-3.el6", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "ADV-2011-0661", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2011/0661" + "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c", + "refsource": "MISC", + "name": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" }, { - "name": "RHSA-2011:0616", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html" + "url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7", + "refsource": "MISC", + "name": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" }, { - "name": "openSUSE-SU-2012:0066", - "refsource": "SUSE", - "url": "https://hermes.opensuse.org/messages/13195955" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html", + "refsource": "MISC", + "name": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" }, { - "name": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c", - "refsource": "CONFIRM", - "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" }, { - "name": "http://www.pidgin.im/news/security/?id=51", - "refsource": "CONFIRM", - "url": "http://www.pidgin.im/news/security/?id=51" + "url": "http://secunia.com/advisories/43695", + "refsource": "MISC", + "name": "http://secunia.com/advisories/43695" }, { - "name": "46837", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/46837" + "url": "http://secunia.com/advisories/43721", + "refsource": "MISC", + "name": "http://secunia.com/advisories/43721" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=683031", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031" + "url": "http://secunia.com/advisories/46376", + "refsource": "MISC", + "name": "http://secunia.com/advisories/46376" }, { - "name": "ADV-2011-0703", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2011/0703" + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884", + "refsource": "MISC", + "name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884" }, { - "name": "FEDORA-2011-3150", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" + "url": 
"http://www.pidgin.im/news/security/?id=51", + "refsource": "MISC", + "name": "http://www.pidgin.im/news/security/?id=51" }, { - "name": "43721", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/43721" + "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2011-0616.html" }, { - "name": "SSA:2011-070-02", - "refsource": "SLACKWARE", - "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884" + "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" }, { - "name": "pidgin-yahoo-protocol-dos(66055)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" + "url": "http://www.securityfocus.com/bid/46837", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/46837" }, { - "name": "46376", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/46376" + "url": "http://www.vupen.com/english/advisories/2011/0643", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2011/0643" }, { - "name": "43695", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/43695" + "url": "http://www.vupen.com/english/advisories/2011/0661", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2011/0661" }, { - "name": "RHSA-2011:1371", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" + "url": "http://www.vupen.com/english/advisories/2011/0669", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2011/0669" }, { - "name": "oval:org.mitre.oval:def:18402", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" + "url": "http://www.vupen.com/english/advisories/2011/0703", + "refsource": "MISC", 
+ "name": "http://www.vupen.com/english/advisories/2011/0703" }, { - "name": "ADV-2011-0669", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2011/0669" + "url": "https://access.redhat.com/errata/RHSA-2011:0616", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2011:0616" }, { - "name": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7", - "refsource": "CONFIRM", - "url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" + "url": "https://access.redhat.com/errata/RHSA-2011:1371", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2011:1371" }, { - "name": "FEDORA-2011-3113", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" + "url": "https://access.redhat.com/security/cve/CVE-2011-1091", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2011-1091" }, { - "name": "ADV-2011-0643", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2011/0643" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=683031" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" + }, + { + "url": "https://hermes.opensuse.org/messages/13195955", + "refsource": "MISC", + "name": "https://hermes.opensuse.org/messages/13195955" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": 
"PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 3.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2011/1xxx/CVE-2011-1093.json b/2011/1xxx/CVE-2011-1093.json index 4faae902ca4..c9082253508 100644 --- a/2011/1xxx/CVE-2011-1093.json +++ b/2011/1xxx/CVE-2011-1093.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1093", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet." + "value": "CVE-2011-1093 kernel: dccp: fix oops on Reset after close" } ] }, 
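Review bot: All references in the new CVE-2011-1091 list have `"refsource": "MISC"` and a `name` that repeats the `url`, so the typed sources and advisory identifiers of the removed entries are gone. Examples are `RHSA-2011:0616` (REDHAT), `FEDORA-2011-3150` (FEDORA), `SSA:2011-070-02` (SLACKWARE), `oval:org.mitre.oval:def:18402` (OVAL) and the `CONFIRM` marking on the pidgin.im advisory and the upstream revision links. Tooling that filters on `refsource` to find vendor confirmation or the fixing change can no longer tell those apart from third-party pages. I would keep the old `name`/`refsource` pair for every URL that was already present, e.g. `"refsource": "CONFIRM"` for `http://www.pidgin.im/news/security/?id=51`, and use `MISC` only for the newly added links. The reference lists in the second hunks of CVE-2010-2482, CVE-2010-2483 and CVE-2011-1093 are flattened the same way.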
@@ -44,53 +21,151 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "MRG for RHEL-5", + "version": { + "version_data": [ + { + "version_value": "0:2.6.33.9-rt31.64.el5rt", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:2.6.18-238.12.1.el5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "0:2.6.32-71.29.1.el6", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d" + "url": "https://access.redhat.com/errata/RHSA-2011:0498", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2011:0498" }, { - "name": "46793", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/46793" + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" }, { - "name": "RHSA-2011:0833", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html" + "url": "https://access.redhat.com/errata/RHSA-2011:0500", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2011:0500" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682954", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682954" + "url": 
"http://downloads.avaya.com/css/P8/documents/100145416", + "refsource": "MISC", + "name": "http://downloads.avaya.com/css/P8/documents/100145416" }, { - "name": "[oss-security] 20110308 CVE request: kernel: dccp: fix oops on Reset after close", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2011/03/08/4" + "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2011-0833.html" }, { - "name": "[oss-security] 20110308 Re: CVE request: kernel: dccp: fix oops on Reset after close", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2011/03/08/19" + "url": "https://access.redhat.com/errata/RHSA-2011:0833", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2011:0833" }, { - "name": "http://downloads.avaya.com/css/P8/documents/100145416", - "refsource": "CONFIRM", - "url": "http://downloads.avaya.com/css/P8/documents/100145416" + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=720dc34bbbe9493c7bd48b2243058b4e447a929d", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=720dc34bbbe9493c7bd48b2243058b4e447a929d" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" + "url": "http://openwall.com/lists/oss-security/2011/03/08/19", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2011/03/08/19" + }, + { + "url": "http://openwall.com/lists/oss-security/2011/03/08/4", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2011/03/08/4" + }, + { + "url": "http://www.securityfocus.com/bid/46793", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/46793" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2011-1093", + "refsource": "MISC", + "name": 
"https://access.redhat.com/security/cve/CVE-2011-1093" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682954", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682954" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "For users that do not run applications that use DCCP, you can prevent the dccp\nmodule from being loaded by adding the following entry to the end of the\n/etc/modprobe.d/blacklist file:\n\nblacklist dccp\n\nThis way, the dccp module cannot be loaded accidentally, which may occur if an\napplication that requires DCCP is started. A reboot is not necessary for this\nchange to take effect but do make sure the module is not loaded in the first\nplace. You can verify that by running:\n\nlsmod | grep dccp\n\nYou may also consider removing the CAP_SYS_MODULE capability from the current\nglobal capability set to prevent kernel modules from being loaded or unloaded.\nThe CAP_SYS_MODULE has a capability number of 16 (see linux/capability.h). The\ndefault value has all the bits set. To remove this capability, you have to\nclear the 16th bit of the default 32-bit value, e.g. 0xffffff ^ (1 << 16):\n\necho 0xFFFEFFFF > /proc/sys/kernel/cap-bound" + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "version": "2.0" } ] } 
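Review bot: The added `work_around` text for CVE-2011-1093 is internally inconsistent. It says to clear the 16th bit of the default 32-bit value and gives `0xffffff ^ (1 << 16)` as the example, but `0xffffff` is a 24-bit constant and that expression does not produce the `0xFFFEFFFF` written to `/proc/sys/kernel/cap-bound` on the next line; the example should read `0xffffffff ^ (1 << 16)`. The same entry uses `"lang": "en"` while every other language tag in the record is `"eng"`, so a consumer filtering on `eng` would skip the mitigation. In the reference list of this hunk the git.kernel.org URL has its `;` separators rewritten to `%3B` (`linux-2.6.git%3Ba=commit%3Bh=...`), which may no longer resolve as the same gitweb query and is worth checking before publishing.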
diff --git a/2011/1xxx/CVE-2011-1098.json b/2011/1xxx/CVE-2011-1098.json index 9ff223f6519..481748dfeb0 100644 --- a/2011/1xxx/CVE-2011-1098.json +++ b/2011/1xxx/CVE-2011-1098.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1098", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place." + "value": "CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]" } ] }, 
@@ -44,228 +21,288 @@
 "description": [
 {
 "lang": "eng",
- "value": "n/a"
+ "value": "Time-of-check Time-of-use (TOCTOU) Race Condition",
+ "cweId": "CWE-367"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.7.8-12.el6_0.1",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/19"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
 },
 {
- "name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/16"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/25"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/16",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/16"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/30"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/17",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/17"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/26"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/18",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/18"
 },
 {
- "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/10/3"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/19",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/19"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/28"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/22",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/22"
 },
 {
- "name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/08/5"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/24",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/24"
 },
 {
- "name": "43955",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/43955"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/25",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/25"
 },
 {
- "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/07/5"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/26",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/26"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/31"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/27",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/27"
 },
 {
- "name": "ADV-2011-0961",
- "refsource": "VUPEN",
- "url": "http://www.vupen.com/english/advisories/2011/0961"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/28",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/28"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/17"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/29",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/29"
 },
 {
- "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/10/6"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/30",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/30"
 },
 {
- "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/06/3"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/31",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/31"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/29"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/32",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/32"
 },
 {
- "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/07/6"
+ "url": "http://openwall.com/lists/oss-security/2011/03/04/33",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/04/33"
 },
 {
- "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/05/6"
+ "url": "http://openwall.com/lists/oss-security/2011/03/05/4",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/05/4"
 },
 {
- "name": "FEDORA-2011-3739",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
+ "url": "http://openwall.com/lists/oss-security/2011/03/05/6",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/05/6"
 },
 {
- "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/05/4"
+ "url": "http://openwall.com/lists/oss-security/2011/03/05/8",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/05/8"
 },
 {
- "name": "ADV-2011-0791",
- "refsource": "VUPEN",
- "url": "http://www.vupen.com/english/advisories/2011/0791"
+ "url": "http://openwall.com/lists/oss-security/2011/03/06/3",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/06/3"
 },
 {
- "name": "MDVSA-2011:065",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
+ "url": "http://openwall.com/lists/oss-security/2011/03/06/4",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/06/4"
 },
 {
- "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/07/11"
+ "url": "http://openwall.com/lists/oss-security/2011/03/06/5",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/06/5"
 },
 {
- "name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/23/11"
+ "url": "http://openwall.com/lists/oss-security/2011/03/06/6",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/06/6"
 },
 {
- "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/06/5"
+ "url": "http://openwall.com/lists/oss-security/2011/03/07/11",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/07/11"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680798",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
+ "url": "http://openwall.com/lists/oss-security/2011/03/07/5",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/07/5"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/18"
+ "url": "http://openwall.com/lists/oss-security/2011/03/07/6",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/07/6"
 },
 {
- "name": "FEDORA-2011-3758",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
+ "url": "http://openwall.com/lists/oss-security/2011/03/08/5",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/08/5"
 },
 {
- "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/10/2"
+ "url": "http://openwall.com/lists/oss-security/2011/03/10/2",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/10/2"
 },
 {
- "name": "RHSA-2011:0407",
- "refsource": "REDHAT",
- "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
+ "url": "http://openwall.com/lists/oss-security/2011/03/10/3",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/10/3"
 },
 {
- "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/11/3"
+ "url": "http://openwall.com/lists/oss-security/2011/03/10/6",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/10/6"
 },
 {
- "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/10/7"
+ "url": "http://openwall.com/lists/oss-security/2011/03/10/7",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/10/7"
 },
 {
- "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/05/8"
+ "url": "http://openwall.com/lists/oss-security/2011/03/11/3",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/11/3"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/22"
+ "url": "http://openwall.com/lists/oss-security/2011/03/11/5",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/11/5"
 },
 {
- "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/11/5"
+ "url": "http://openwall.com/lists/oss-security/2011/03/14/26",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/14/26"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/27"
+ "url": "http://openwall.com/lists/oss-security/2011/03/23/11",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2011/03/23/11"
 },
 {
- "name": "ADV-2011-0872",
- "refsource": "VUPEN",
- "url": "http://www.vupen.com/english/advisories/2011/0872"
+ "url": "http://secunia.com/advisories/43955",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/43955"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/32"
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
 },
 {
- "name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/14/26"
+ "url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html",
+ "refsource": "MISC",
+ "name": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
 },
 {
- "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/24"
+ "url": "http://www.vupen.com/english/advisories/2011/0791",
+ "refsource": "MISC",
+ "name": "http://www.vupen.com/english/advisories/2011/0791"
 },
 {
- "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/06/4"
+ "url": "http://www.vupen.com/english/advisories/2011/0872",
+ "refsource": "MISC",
+ "name": "http://www.vupen.com/english/advisories/2011/0872"
 },
 {
- "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/06/6"
+ "url": "http://www.vupen.com/english/advisories/2011/0961",
+ "refsource": "MISC",
+ "name": "http://www.vupen.com/english/advisories/2011/0961"
 },
 {
- "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2011/03/04/33"
+ "url": "https://access.redhat.com/errata/RHSA-2011:0407",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2011:0407"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2011-1098",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2011-1098"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680798",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680798"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "LOCAL",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 1.9,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+ "version": "2.0"
 }
 ]
 }
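Review bot: Every reference on the new side is written with `"refsource": "MISC"` and a `name` that repeats the URL, which discards the source classification and advisory identifiers the removed entries carried (`RHSA-2011:0407`, `FEDORA-2011-3739`, `FEDORA-2011-3758`, `MDVSA-2011:065`, `ADV-2011-0791`, and the `CONFIRM` tag on the Bugzilla entry). Consumers that correlate CVE records with vendor advisories by `refsource`/`name` can no longer do so without parsing URLs. For the vendor errata I would keep the typed form, e.g. `"refsource": "REDHAT",` with `"name": "RHSA-2011:0407"`. Separately, the added `impact.cvss` entry sets `temporalScore` and `environmentalScore` to `0` while the corresponding metrics are `NOT_DEFINED`; presumably those scores should be omitted rather than be readable as an actual zero.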