diff --git a/2015/8xxx/CVE-2015-8777.json b/2015/8xxx/CVE-2015-8777.json index 82eebb40177..31b202afb5e 100644 --- a/2015/8xxx/CVE-2015-8777.json +++ b/2015/8xxx/CVE-2015-8777.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-8777", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,82 +27,106 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "SUSE-SU-2016:0471", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" - }, - { - "name": "RHSA-2017:1916", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1916" - }, - { - "name": "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", + "url": "http://www.ubuntu.com/usn/USN-2985-1", "refsource": "MISC", - "url": "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html" + "name": "http://www.ubuntu.com/usn/USN-2985-1" }, { - "name": "SUSE-SU-2016:0470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" + "url": "http://www.ubuntu.com/usn/USN-2985-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2985-2" }, { - "name": "USN-2985-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2985-2" + "url": "https://security.gentoo.org/glsa/201702-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201702-11" }, { - "name": "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1" + "url": "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", + "refsource": "MISC", + "name": "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html" }, { - "name": "GLSA-201702-11", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201702-11" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html" }, { - "name": "SUSE-SU-2016:0472", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" }, { - "name": "SUSE-SU-2016:0473", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" }, { - "name": "81469", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/81469" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" }, { - "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", - "refsource": "CONFIRM", - "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18928" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" }, { - "name": "FEDORA-2016-0480defc94", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html" + "url": "http://www.debian.org/security/2016/dsa-3480", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3480" }, { - "name": "DSA-3480", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3480" + "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/01/20/1" }, { - "name": "USN-2985-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2985-1" + "url": "http://www.securityfocus.com/bid/81469", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/81469" }, { - "name": "1034811", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1034811" + "url": "http://www.securitytracker.com/id/1034811", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1034811" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:1916", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1916" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", + "refsource": "MISC", + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18928" } ] } diff --git a/2015/8xxx/CVE-2015-8817.json b/2015/8xxx/CVE-2015-8817.json index e4e58362f6d..db40dddf265 100644 --- a/2015/8xxx/CVE-2015-8817.json +++ b/2015/8xxx/CVE-2015-8817.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service)." + "value": "QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Write", - "cweId": "CWE-787" + "value": "n/a" } ] } @@ -32,60 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -144,69 +99,14 @@ "name": "http://www.openwall.com/lists/oss-security/2016/03/01/10" }, { - "url": "https://access.redhat.com/errata/RHSA-2016:2670", + "url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html", "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2670" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2671", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2671" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2704", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2704" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2705", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2705" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2706", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2706" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2015-8817", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2015-8817" + "name": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771" - }, - { - "url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html", - "refsource": "MISC", - "name": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P", - "version": "2.0" } ] } diff --git a/2015/8xxx/CVE-2015-8818.json b/2015/8xxx/CVE-2015-8818.json index 8046d5ae6ad..e45bfa69e21 100644 --- a/2015/8xxx/CVE-2015-8818.json +++ b/2015/8xxx/CVE-2015-8818.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service)." + "value": "The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Write", - "cweId": "CWE-787" + "value": "n/a" } ] } @@ -32,60 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", - "version": { - "version_data": [ - { - "version_value": "10:2.6.0-27.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -133,70 +88,15 @@ "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2016/03/01/10" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2670", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2670" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2671", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2671" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2704", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2704" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2705", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2705" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2706", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2706" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771" - }, { "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63", "refsource": "MISC", "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63" }, { - "url": "https://access.redhat.com/security/cve/CVE-2015-8818", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2015-8818" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P", - "version": "2.0" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771" } ] }