"-Synchronized-Data."

CVE Team 2023-02-12 23:01:42 +00:00
parent 9d9a192f2e
commit 10982becdc
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
76 changed files with 2259 additions and 5750 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file."
"value": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "n/a"
}
]
}
@ -32,38 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.2.8-16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.1 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:1.2.8-16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.2.8-16.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -91,11 +68,6 @@
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0323",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0323"
},
{
"url": "http://advisories.mageia.org/MGASA-2015-0046.html",
"refsource": "MISC",
@ -120,41 +92,6 @@
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-0236",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-0236"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}
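Review bot: The new side of this record (CVE-2015-0236, per the reference URLs) no longer carries the `"cweId": "CWE-200"` problem type, the Red Hat product/version entries, the CVSS 2.0 `impact` block (`AV:A/AC:M/Au:N/C:P/I:N/A:N`, base 2.9), or the RHSA-2015:0323 and Bugzilla references; the `+`/`-` markers are lost on this page, so this reading rests on the hunk counts (`-21,8 +21,7`, `-32,38 +31,16`, `-120,41 +92,6`). Consumers that triage on CWE or CVSS, or that use the per-product version entries to decide which builds are covered, get `n/a` instead and lose the link to the vendor erratum. If the sync is meant to overwrite the enriched data, the commit message should say so; otherwise keep the enriched fields, e.g. `"value": "Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200"`. The same regression appears in the later sections for CVE-2015-0237, CVE-2015-0257 and CVE-2015-0267.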


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service."
"value": "Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.5.1-4",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -63,46 +62,6 @@
"url": "http://www.securitytracker.com/id/1032231",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032231"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0888"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-0237",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-0237"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184716",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184716"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0238",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/security/cve/CVE-2015-0238",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2015-0238"
"url": "https://access.redhat.com/security/cve/CVE-2015-0238",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-0238"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739"
}
]
}
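Review bot: The re-added `affects` block pairs `"version_affected": "="` with `"version_value": "n/a"`, which read literally asserts that the affected version equals the placeholder string. The old side of this record (CVE-2015-0238) had only `"version_value": "n/a"`, which a matcher can treat as "unknown". Tooling that evaluates `version_affected` should be checked to skip `n/a` values, or the sync should omit the operator when no version is known and emit just `"version_value": "n/a"`. The same pair is written in the other file sections on this page.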


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information."
"value": "Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.5.1-4",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -63,46 +62,6 @@
"url": "http://www.securitytracker.com/id/1032231",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032231"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0888"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-0257",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-0257"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189085",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1189085"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files."
"value": "The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Insecure Temporary File",
"cweId": "CWE-377"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.0.7-19.ael7b_1.2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -63,46 +62,6 @@
"url": "http://www.securityfocus.com/bid/74622",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74622"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0986",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0986"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-0267",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-0267"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191575",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1191575"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0268",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "xen-cve20150268-dos(100868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100868"
"url": "http://www.securityfocus.com/bid/72591",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/72591"
},
{
"name": "1031746",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031746"
"url": "http://www.securitytracker.com/id/1031746",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1031746"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-117.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-117.html"
"url": "http://xenbits.xen.org/xsa/advisory-117.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-117.html"
},
{
"name": "72591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72591"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100868",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100868"
}
]
}
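Review bot: Every reference on the new side of this record (CVE-2015-0268) is typed `"refsource": "MISC"` and its `name` is a copy of the URL, so the source taxonomy on the old side (`XF`, `SECTRACK`, `CONFIRM`, `BID`) and the short identifiers (`xen-cve20150268-dos(100868)`, `1031746`, `72591`) are gone. `CONFIRM` in particular marked the Xen advisory link as vendor acknowledgement; after this change that has to be inferred from the hostname. If downstream code filters or ranks references by `refsource`, it needs a fallback before this lands. The sections for CVE-2015-0238, CVE-2015-0277, CVE-2015-0278, CVE-2015-0296, CVE-2015-0297, CVE-2015-0298, CVE-2015-1386 and CVE-2015-1777 show the same flattening, including the loss of advisory IDs such as `RHSA-2015:0849` and `GLSA-201611-10`.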


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0277",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion."
"value": "The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion."
}
]
},
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "https://issues.jboss.org/browse/PLINK-678",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/PLINK-678"
"url": "https://issues.jboss.org/browse/PLINK-678",
"refsource": "MISC",
"name": "https://issues.jboss.org/browse/PLINK-678"
},
{
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0278",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
"url": "http://advisories.mageia.org/MGASA-2015-0186.html",
"refsource": "MISC",
"name": "http://advisories.mageia.org/MGASA-2015-0186.html"
},
{
"name": "MDVSA-2015:228",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0186.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0186.html"
"url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c",
"refsource": "MISC",
"name": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
},
{
"name": "FEDORA-2015-2313",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
"url": "https://github.com/libuv/libuv/pull/215",
"refsource": "MISC",
"name": "https://github.com/libuv/libuv/pull/215"
},
{
"name": "https://github.com/libuv/libuv/pull/215",
"refsource": "CONFIRM",
"url": "https://github.com/libuv/libuv/pull/215"
"url": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
},
{
"name": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c",
"refsource": "CONFIRM",
"url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
},
{
"name": "GLSA-201611-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-10"
"url": "https://security.gentoo.org/glsa/201611-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-10"
}
]
}
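Review bot: The Google Groups reference in this record (CVE-2015-0278) is rewritten from `https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ` to the same URL with `#%21msg`, so the `!` in the fragment is now percent-encoded. The fragment is interpreted client-side, so whether `#%21msg` still resolves to the thread depends on the site's router. Any consumer that de-duplicates or allow-lists references by exact URL string will treat it as a new link. Confirm the rewritten link still opens, or keep the literal `!`, which is permitted in a URI fragment.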


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0296",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-4332",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html"
},
{
"name": "72826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72826"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html"
},
{
"name": "FEDORA-2015-4872",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html"
"url": "http://www.openwall.com/lists/oss-security/2015/02/27/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/27/6"
},
{
"name": "[oss-security] 20150227 CVE-2015-0296 preinstall scriptlet in texlive-base rpm of fedora allows unprivileged user to delete arbitrary files(maybe others)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/27/6"
"url": "http://www.securityfocus.com/bid/72826",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/72826"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0297",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0862",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
},
{
"name": "1032181",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032181"
"url": "http://www.securitytracker.com/id/1032181",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032181"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0298",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name": "RHSA-2015:1642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name": "https://issues.jboss.org/browse/MODCLUSTER-453",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/MODCLUSTER-453"
"url": "https://issues.jboss.org/browse/MODCLUSTER-453",
"refsource": "MISC",
"name": "https://issues.jboss.org/browse/MODCLUSTER-453"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1386",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150127 Re: unshield directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/27"
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/27",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/27/27"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1777",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "72943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72943"
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/03/04/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740"
"url": "http://www.securityfocus.com/bid/72943",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/72943"
},
{
"name": "[oss-security] 20150304 Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/7"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1788",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,242 +27,261 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:1184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SSRT102180",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "DSA-3287",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3287"
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SUSE-SU-2015:1150",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"
"url": "https://support.apple.com/kb/HT205031",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT205031"
},
{
"name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "MISC",
"name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "75158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75158"
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc",
"refsource": "MISC",
"name": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"name": "https://openssl.org/news/secadv/20150611.txt",
"refsource": "CONFIRM",
"url": "https://openssl.org/news/secadv/20150611.txt"
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694",
"refsource": "MISC",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"name": "SUSE-SU-2015:1182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"name": "SUSE-SU-2015:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
},
{
"name": "1032564",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032564"
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041",
"refsource": "CONFIRM",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl",
"refsource": "MISC",
"name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
"url": "http://www.debian.org/security/2015/dsa-3287",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015",
"refsource": "MISC",
"name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "MISC",
"name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "openSUSE-SU-2015:1277",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SUSE-SU-2015:1181",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932",
"refsource": "CONFIRM",
"url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
"url": "http://www.securityfocus.com/bid/91787",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91787"
},
{
"name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
"url": "http://www.securitytracker.com/id/1032564",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032564"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
"url": "http://www.ubuntu.com/usn/USN-2639-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
"name": "USN-2639-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2639-1"
"url": "https://bto.bluecoat.com/security-advisory/sa98",
"refsource": "MISC",
"name": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"name": "GLSA-201506-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201506-02"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "HPSBUX03388",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122",
"refsource": "MISC",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"url": "https://openssl.org/news/secadv/20150611.txt",
"refsource": "MISC",
"name": "https://openssl.org/news/secadv/20150611.txt"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
"url": "https://security.gentoo.org/glsa/201506-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201506-02"
},
{
"name": "SUSE-SU-2015:1185",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
"url": "https://support.citrix.com/article/CTX216642",
"refsource": "MISC",
"name": "https://support.citrix.com/article/CTX216642"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694"
"url": "https://www.openssl.org/news/secadv_20150611.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"name": "openSUSE-SU-2015:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery",
"refsource": "MISC",
"name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa98",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa98"
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041",
"refsource": "MISC",
"name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"name": "NetBSD-SA2015-008",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
"url": "http://www.securityfocus.com/bid/75158",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75158"
},
{
"name": "https://www.openssl.org/news/secadv_20150611.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
"url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932",
"refsource": "MISC",
"name": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
}
]
}
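Review bot: In the `reference_data` hunk for CVE-2015-1788, every entry on the new side has `"refsource": "MISC"` and a `name` equal to its URL, so the advisory identifiers and source types the old entries carried (`DSA-3287`/`DEBIAN`, `USN-2639-1`/`UBUNTU`, `CONFIRM` on the openssl.org advisory) are no longer in the record. Tooling that uses `refsource` to pick out vendor-confirmed advisories or distribution fixes would presumably see only undifferentiated links after this sync. `SSRT102180` and `HPSBUX03388` both pointed at the same marc.info URL, so the two entries merge into one and neither identifier survives. I would keep the typed form wherever it was known, e.g. `"name": "DSA-3287", "refsource": "DEBIAN"`; the same collapse appears in the CVE-2016-3104, CVE-2016-3113 and CVE-2016-3695 sections.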


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3104",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496"
"url": "http://www.securityfocus.com/bid/94929",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94929"
},
{
"name": "94929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94929"
"url": "https://jira.mongodb.org/browse/SERVER-24378",
"refsource": "MISC",
"name": "https://jira.mongodb.org/browse/SERVER-24378"
},
{
"name": "https://jira.mongodb.org/browse/SERVER-24378",
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-24378"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496"
}
]
}
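Review bot: The re-added `affects` block for CVE-2016-3104 pairs `"version_affected": "="` with `"version_value": "n/a"`, which reads as "exactly version n/a is affected" rather than "version unknown". A consumer that matches installed versions against `version_data` could treat the placeholder as a literal version string and never match, which would hide the record from exposure checks. I would leave the operator out when the value is a placeholder, i.e. keep only `"version_value": "n/a"` as the old side did. The same pair is added in the CVE-2015-1788, CVE-2016-3113, CVE-2016-3693, CVE-2016-3695 and CVE-2016-3703 sections.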


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3113",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed."
"value": "The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,272 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -335,16 +78,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3693",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3693"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471"
},
{
"url": "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f",
"refsource": "MISC",
@ -356,50 +89,5 @@
"name": "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Dominic Cleal (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
}
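Review bot: The CVE-2016-3693 record loses its machine-readable severity and weakness data in this sync: the last hunk removes the whole `impact.cvss` block (`AV:N/AC:M/Au:S/C:P/I:N/A:N` and the 3.0 vector), and the problemtype hunk replaces `CWE-20` with `"value": "n/a"`. The affected product also becomes `n/a` although the new description itself names the Safemode gem before 1.2.4, so prioritisation and asset matching have to fall back to parsing free text. If the richer fields cannot be kept, I would at least carry the description's own data into `affects`, e.g. `"product_name": "Safemode"` with `"version_affected": "<", "version_value": "1.2.4"`. The CVE-2016-3703 section has the same loss (`CWE-285`, the `AV:N/AC:M/Au:S/C:P/I:P/A:P` vector, and the OpenShift Enterprise 3.2 and 3.1 products its description names).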


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3695",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755"
"url": "http://www.securityfocus.com/bid/102327",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/102327"
},
{
"name": "102327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102327"
"url": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420",
"refsource": "MISC",
"name": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420"
},
{
"name": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420",
"refsource": "CONFIRM",
"url": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in the query parameter."
"value": "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
"value": "n/a"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.2.0.44-1.git.0.a4463d9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.4.7-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.1.6-8.git.64.80b61da.el7aos",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -78,47 +62,6 @@
"url": "https://access.redhat.com/errata/RHSA-2016:1095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1095"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3703",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3703"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330233",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330233"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jordan Liggitt (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Pulp makes unsafe use of Bash's $RANDOM to generate a NSS DB password and seed resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources."
"value": "Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values",
"cweId": "CWE-330"
"value": "n/a"
}
]
}
@ -32,272 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -325,16 +68,6 @@
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3704",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3704"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264"
},
{
"url": "https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L25",
"refsource": "MISC",
@ -349,51 +82,11 @@
"url": "https://pulp.plan.io/issues/1858",
"refsource": "MISC",
"name": "https://pulp.plan.io/issues/1858"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Randy Barlow (RedHat) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264"
}
]
}
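Review bot: The affected-version entry in the `@ -32,272 +31,16 @@` hunk pairs `"version_affected": "="` with `"version_value": "n/a"`, which asserts an exact match against a placeholder and leaves a scanner or SBOM matcher nothing to compare against. The new description in this same record already states the range in prose ("Pulp before 2.8.5"), so the structured fields could carry it, for example `"product_name": "Pulp"` with `"version_affected": "<"` and `"version_value": "2.8.5"`. The same placeholder pair shows up in the later sections visible here (CVE-2016-3705, CVE-2016-3713, CVE-2016-3714, CVE-2016-3715, CVE-2016-4443, CVE-2016-4453, CVE-2016-4454). The page has lost its +/- markers, so which lines are old and which are new is read from the hunk line counts.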


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion."
"value": "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Recursion",
"cweId": "CWE-674"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.7.6-21.el6_8.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.1-6.el7_2.3",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -95,11 +83,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1292"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2957",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2957"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170",
"refsource": "MISC",
@ -140,51 +123,16 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/89854"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3705",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3705"
},
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332443",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332443"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
}
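Review bot: The problemtype entry in the `@ -21,8 +21,7 @@` hunk ends up as `"value": "n/a"`, so the record no longer names a weakness class even though the new description still describes one (recursion depth not tracked, stack consumption and crash). The other side of the hunk carries `"value": "Uncontrolled Recursion"` and `"cweId": "CWE-674"`; keeping those two lines would let consumers continue to group and triage by CWE. The Pulp (CWE-330), ImageMagick (CWE-20) and RHEV Manager (CWE-532) sections lose their classification the same way. The old/new assignment is inferred from the hunk counts (8 lines before, 7 after), since the +/- column did not survive rendering.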


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3713",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5"
},
{
"name": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1"
},
{
"name": "[oss-security] 20160516 CVE-2016-3713 Linux kernel: kvm: OOB r/w access issue with MSR 0x2F8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/2"
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/16/2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5"
"url": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139"
}
]
}
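Review bot: Every reference on the new side of the `@ -50,32 +27,56 @@` hunk has `"refsource": "MISC"` and a `name` that only repeats the URL, so the record no longer tells a reader which links are vendor confirmation and which are list discussion. The list post previously carried the title `[oss-security] 20160516 CVE-2016-3713 Linux kernel: kvm: OOB r/w access issue with MSR 0x2F8`, which told a triager the affected component without following the link. I would keep `"refsource": "CONFIRM"` on the kernel.org and commit links, and `"refsource": "MLIST"` with the original `name` on the openwall entry. The CVE-2016-4453 and CVE-2016-4454 sections flatten their UBUNTU, GENTOO, BID and MLIST sources the same way.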


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
"value": "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\""
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -170,26 +158,11 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3714",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3714"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/2296071",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/2296071"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
},
{
"url": "https://imagetragick.com/",
"refsource": "MISC",
@ -224,51 +197,11 @@
"url": "https://www.kb.cert.org/vuls/id/250519",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/250519"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT, SHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
}
]
}
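Review bot: The `@ -224,51 +197,11 @@` hunk leaves this record without its `work_around` entry, which was the only mitigation guidance carried in the file itself: the `policy.xml` lines setting `rights="none"` for the coders that the new description names (EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, PLT). For a command-execution issue that operators typically contain by policy before they can patch, I would keep that block in the record. The `impact` block with both CVSS vectors is dropped in the same hunk, so downstream consumers lose the severity as well. The CVE-2016-3715 section drops the same workaround text in its `@ -169,47 +152,6 @@` hunk.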


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files."
"value": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -140,11 +128,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
@ -169,47 +152,6 @@
"url": "http://www.securityfocus.com/bid/89852",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/89852"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3715",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3715"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332500",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332500"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords)."
"value": "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.6.9.2-1",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -69,52 +68,11 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036863"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1929",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1929"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4443",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4443"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Simone Tiraboschi (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
]
}
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4453",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don't process more than 1024 fifo commands at once",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://www.ubuntu.com/usn/USN-3047-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
"url": "http://www.ubuntu.com/usn/USN-3047-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650"
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/30/2"
},
{
"name": "90928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90928"
"url": "http://www.securityfocus.com/bid/90928",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90928"
},
{
"name": "[oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/2"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4454",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/3"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://www.ubuntu.com/usn/USN-3047-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
"url": "http://www.ubuntu.com/usn/USN-3047-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html"
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/30/3"
},
{
"name": "90927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90927"
"url": "http://www.securityfocus.com/bid/90927",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90927"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack."
"value": "The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
"value": "n/a"
}
]
}
@ -32,43 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.18.6-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.18.10-1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.0.34-1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.17.9-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.17.15-1.el7",
"version_affected": "!"
},
{
"version_value": "0:2.0.31-1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -106,26 +78,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038083"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2592",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2592"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0698",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0698"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4455",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4455"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525"
},
{
"url": "https://github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec",
"refsource": "MISC",
@ -135,51 +87,11 @@
"url": "https://github.com/candlepin/subscription-manager/commit/9dec31",
"refsource": "MISC",
"name": "https://github.com/candlepin/subscription-manager/commit/9dec31"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Robert Scheck for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525"
}
]
}
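Review bot: The new side of this record (CVE-2016-4455, going by the removed reference URL) appears to drop `"cweId": "CWE-732"`, the whole `impact.cvss` block and the per-product fixed versions, and leaves `"version_affected": "="` against `"version_value": "n/a"`; the +/- column is lost on this page, so this reading rests on the hunk line counts. A consumer that matches on version or filters by CWE or CVSS score now has nothing to match, so "n/a" should be handled as unknown rather than as not affected, and the record would be more useful with `"cweId": "CWE-732"` and the CVSS vectors kept. The RHSA-2016:2592 and RHSA-2017:0698 advisory links are removed as well, which takes away the pointer to the fixed packages. The same loss shows in the sections for CVE-2016-4463, CVE-2016-4475, CVE-2016-4985, CVE-2016-4994 and CVE-2016-9588.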


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data."
"value": "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
"value": "n/a"
}
]
}
@ -32,38 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.1.1-9.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.1.1-8.el7_4.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.1.1-8.el7_5.1",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -136,16 +113,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3514"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4463",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4463"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845"
},
{
"url": "https://issues.apache.org/jira/browse/XERCESC-2069",
"refsource": "MISC",
@ -162,44 +129,5 @@
"name": "https://www.debian.org/security/2016/dsa-3610"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4474",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1223",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1223.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1222.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1222.html"
},
{
"name": "RHSA-2016:1222",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1222.html"
"url": "https://access.redhat.com/security/vulnerabilities/2359821",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/2359821"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/2359821",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/2359821"
"url": "https://rhn.redhat.com/errata/RHSA-2016-1223.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHSA-2016-1223.html"
}
]
}
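Review bot: Every reference in this record (CVE-2016-4474) ends up with `"refsource": "MISC"` and a `name` that only repeats the URL, where the old side seems to have carried `"refsource": "REDHAT"` with `"name": "RHSA-2016:1223"` and a `CONFIRM` entry. Tooling that picks out vendor advisories or vendor-confirmed links by `refsource`, or reads the advisory id from `name`, now has to pattern-match URLs instead; keeping the typed form, e.g. `"name": "RHSA-2016:1223", "refsource": "REDHAT"`, avoids that. The affects block also gains `"version_affected": "="` against `"version_value": "n/a"`, which a matcher should treat as unknown. The sections for CVE-2016-4964, CVE-2016-4973, CVE-2016-4974, CVE-2016-4984 and CVE-2016-4993 show the same flattening. Sides are inferred from the hunk counts and the key order, since the +/- column is lost here.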


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to."
"value": "The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
"value": "n/a"
}
]
}
@ -32,99 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.2 for RHEL 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.11.0.51-1.el6sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.10-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.4-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.1-1.2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.25-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.70-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 6.2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:1.11.0.51-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.1-1.2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.25-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.70-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -157,46 +73,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2016:1615"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4475",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4475"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439"
},
{
"url": "https://theforeman.org/security.html#2016-4475",
"refsource": "MISC",
"name": "https://theforeman.org/security.html#2016-4475"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
]
}
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4964",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160524 Re: CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/7"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160524 [PATCH] scsi: mptsas: infinite loop while fetching requests",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=06630554ccbdd25780aa03c3548aaff1eb56dffd",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=06630554ccbdd25780aa03c3548aaff1eb56dffd"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=06630554ccbdd25780aa03c3548aaff1eb56dffd",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=06630554ccbdd25780aa03c3548aaff1eb56dffd"
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/24/4"
},
{
"name": "[oss-security] 20160524 CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/4"
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/24/7"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html"
}
]
}
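Review bot: The git.qemu.org reference on what appears to be the new side has its `;` separators percent-encoded (`?p=qemu.git%3Ba=commit%3Bh=...`), which most likely stops the link from resolving to the fix commit, because the server then sees one long `p` value instead of the three parameters `p`, `a` and `h`. The entry should keep the literal form, `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=06630554ccbdd25780aa03c3548aaff1eb56dffd"`, with the matching `name`. This is the record's link to the upstream commit, so a broken URL costs a reader the direct fix reference.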


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4973",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759"
"url": "http://www.openwall.com/lists/oss-security/2016/08/17/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/17/6"
},
{
"name": "92530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92530"
"url": "http://www.securityfocus.com/bid/92530",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92530"
},
{
"name": "[oss-security] 20160817 CVE-2016-4973 gcc: Targets using libssp for SSP are missing -D_FORTIFY_SOURCE functionality",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/17/6"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4974",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "91537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91537"
},
{
"name": "20160702 [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538813/100/0/threaded"
},
{
"name": "https://issues.apache.org/jira/browse/QPIDJMS-188",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/QPIDJMS-188"
},
{
"name": "1036239",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036239"
},
{
"name": "http://qpid.apache.org/components/jms/security-0-x.html",
"refsource": "CONFIRM",
"url": "http://qpid.apache.org/components/jms/security-0-x.html"
},
{
"name": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html",
"url": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html"
"name": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html"
},
{
"name": "http://qpid.apache.org/components/jms/security.html",
"refsource": "CONFIRM",
"url": "http://qpid.apache.org/components/jms/security.html"
"url": "http://qpid.apache.org/components/jms/security-0-x.html",
"refsource": "MISC",
"name": "http://qpid.apache.org/components/jms/security-0-x.html"
},
{
"url": "http://qpid.apache.org/components/jms/security.html",
"refsource": "MISC",
"name": "http://qpid.apache.org/components/jms/security.html"
},
{
"url": "http://www.securityfocus.com/archive/1/538813/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/538813/100/0/threaded"
},
{
"url": "http://www.securityfocus.com/bid/91537",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91537"
},
{
"url": "http://www.securitytracker.com/id/1036239",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036239"
},
{
"url": "https://issues.apache.org/jira/browse/QPIDJMS-188",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/QPIDJMS-188"
}
]
}


@ -1,12 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4983",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -39,40 +39,15 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "dovecot22-2.2.25-3.1"
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "dovecot22",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "dovecot22-2.2.18-9.1"
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "dovecot22",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "dovecot22-2.2.13-3.7.1"
}
]
@ -87,19 +62,19 @@
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=984639",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=984639"
"name": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=984639",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055"
"name": "https://bugzilla.suse.com/show_bug.cgi?id=984639"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html",
"url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4984",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses."
"value": "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Authentication Bypass by Spoofing",
"cweId": "CWE-290"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2015.1.2-4.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "1:4.2.5-1.el7ost",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -80,21 +68,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1378"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4985",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4985"
},
{
"url": "https://bugs.launchpad.net/ironic/+bug/1572796",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ironic/+bug/1572796"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193"
},
{
"url": "https://review.openstack.org/332195",
"refsource": "MISC",
@ -111,50 +89,5 @@
"name": "https://review.openstack.org/332197"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
}
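Review bot: The replacement description for CVE-2016-4985 says only "sensitive information about a registered node", while the text it replaces stated that the response includes management passwords even when /etc/ironic/policy.json is configured to hide them. That detail is what tells an operator that node credentials are in scope when assessing exposure of ironic-api, so it is worth keeping a clause such as `including management passwords, regardless of policy.json settings` in the `value` string. The `credits` entry naming the reporter appears to be dropped in the last hunk as well.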


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4993",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,62 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1841",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
},
{
"name": "92894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92894"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
},
{
"name": "1036758",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036758"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
},
{
"name": "RHSA-2016:1838",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
"url": "http://www.securityfocus.com/bid/92894",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92894"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
"url": "http://www.securitytracker.com/id/1036758",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036758"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
"url": "https://access.redhat.com/errata/RHSA-2017:3454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321"
"url": "https://access.redhat.com/errata/RHSA-2017:3455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
"url": "https://access.redhat.com/errata/RHSA-2017:3456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2016:1839",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
"url": "https://access.redhat.com/errata/RHSA-2017:3458",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2016:1840",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash."
"value": "Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "2:2.8.16-3.el7",
"version_affected": "!"
},
{
"version_value": "0:2.8.2-1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -93,70 +88,16 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3025-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2589",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2589"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4994",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4994"
},
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=767873",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=767873"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348617",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348617"
},
{
"url": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest."
"value": "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Uncaught Exception",
"cweId": "CWE-248"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -88,16 +83,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94933"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-9588",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9588"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
},
{
"url": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388",
"refsource": "MISC",
@ -112,45 +97,11 @@
"url": "https://usn.ubuntu.com/3822-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3822-2/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
}
]
}
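Review bot: The problemtype on the new side is `"value": "n/a"` with no `cweId`, and the `impact.cvss` array no longer appears, so this record carries no machine-readable weakness class or severity for the nested-virtualization denial of service. Tooling that triages from these files by CWE or CVSS will see the entry as unclassified and unscored. If the earlier data is still valid, keeping `"cweId": "CWE-248"` and the vector `CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L` would preserve it. The `impact` block is dropped in the same way in the later sections for CVE-2017-15116, CVE-2017-15121 and CVE-2017-15124. Old and new sides are inferred from the hunk counts, since the +/- markers are not shown.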


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-03-22T00:00:00",
"ID": "CVE-2016-9589",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wildfly",
"version": {
"version_data": [
{
"version_value": "11.0.0.Beta1"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,78 +21,103 @@
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "wildfly",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0.Beta1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0831",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
"url": "https://access.redhat.com/errata/RHSA-2017:3454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:0876",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
"url": "https://access.redhat.com/errata/RHSA-2017:3455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:0834",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
"url": "https://access.redhat.com/errata/RHSA-2017:3456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782"
"url": "https://access.redhat.com/errata/RHSA-2017:3458",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0830.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0830.html"
},
{
"name": "RHSA-2017:0832",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
},
{
"name": "97060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97060"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
},
{
"name": "RHSA-2017:0873",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0873"
"url": "http://www.securityfocus.com/bid/97060",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97060"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
"url": "https://access.redhat.com/errata/RHSA-2017:0872",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0872"
},
{
"name": "RHSA-2017:0830",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0830.html"
"url": "https://access.redhat.com/errata/RHSA-2017:0873",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0873"
},
{
"name": "RHSA-2017:0872",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0872"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782"
}
]
}
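Review bot: Every reference on the new side is typed `"refsource": "MISC"` and named by its own URL, which discards the source typing the old entries carried (`REDHAT`, `BID`, `CONFIRM`) and advisory identifiers such as `RHSA-2017:0831`. Consumers that use `refsource` to separate vendor-confirmed advisories from third-party links can no longer do so from this file. Keeping the typed form, for example `"refsource": "CONFIRM"` on the bugzilla.redhat.com entry and `"name": "RHSA-2017:0831"` on the matching errata entry, would retain that signal. The same flattening applies to the reference lists in the sections for CVE-2016-9596, CVE-2016-9598, CVE-2016-9846, CVE-2016-9908, CVE-2017-15108, CVE-2017-15114, CVE-2017-15115 and CVE-2017-15123.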


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9596",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627."
"value": "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627."
}
]
},
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9598",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306"
"url": "https://access.redhat.com/errata/RHSA-2018:2486",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9846",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161205 Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/23"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161205 CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/18"
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/05/18"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/23",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/05/23"
},
{
"name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix memory leak in update_cursor_data_virgl",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html"
"url": "http://www.securityfocus.com/bid/94765",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94765"
},
{
"name": "94765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94765"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9908",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/4"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/08/4"
},
{
"name": "94761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94761"
"url": "http://www.securityfocus.com/bid/94761",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94761"
}
]
}


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-11-29T00:00:00",
"ID": "CVE-2017-15108",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spice-vdagent",
"version": {
"version_data": [
{
"version_value": "up to and including 0.17.0"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,28 +21,53 @@
"description": [
{
"lang": "eng",
"value": "CWE-78"
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "spice-vdagent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to and including 0.17.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201804-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-09"
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61",
"refsource": "MISC",
"name": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
"name": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
"url": "https://security.gentoo.org/glsa/201804-09",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201804-09"
}
]
}
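Review bot: `"version_affected": "="` is paired with `"version_value": "up to and including 0.17.0"`, which is a range written in prose rather than a single version. A consumer that honours the operator is likely to compare against that literal string and match no real spice-vdagent release. Putting the bound in the operator, `"version_affected": "<="` with `"version_value": "0.17.0"`, keeps the record machine-matchable. The same pattern is on the new side of the sections for CVE-2017-15115 (`"Linux kernel before 4.14-rc6"`), CVE-2017-15121 (`"6, 7"`), CVE-2017-15123 (`"5.8 - 5.10"`) and CVE-2017-15124 (`"2.11.0 and older"`).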


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15114",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31",
"refsource": "CONFIRM",
"url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31"
"url": "http://www.securityfocus.com/bid/101971",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101971"
},
{
"name": "101971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101971"
"url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31",
"refsource": "MISC",
"name": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15115",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel before 4.14-rc6",
"version": {
"version_data": [
{
"version_value": "Linux kernel before 4.14-rc6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,87 +27,111 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel before 4.14-rc6",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Linux kernel before 4.14-rc6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345"
"url": "https://usn.ubuntu.com/3583-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
"url": "https://usn.ubuntu.com/3583-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
"url": "http://seclists.org/oss-sec/2017/q4/282",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q4/282"
},
{
"name": "https://patchwork.ozlabs.org/patch/827077/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/827077/"
"url": "http://www.securityfocus.com/bid/101877",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101877"
},
{
"name": "USN-3582-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-1/"
"url": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
"url": "https://patchwork.ozlabs.org/patch/827077/",
"refsource": "MISC",
"name": "https://patchwork.ozlabs.org/patch/827077/"
},
{
"name": "101877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101877"
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01"
},
{
"name": "USN-3581-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-1/"
"url": "https://usn.ubuntu.com/3581-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3581-1/"
},
{
"name": "USN-3581-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-3/"
"url": "https://usn.ubuntu.com/3581-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3581-2/"
},
{
"name": "USN-3581-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-2/"
"url": "https://usn.ubuntu.com/3581-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3581-3/"
},
{
"name": "http://seclists.org/oss-sec/2017/q4/282",
"refsource": "CONFIRM",
"url": "http://seclists.org/oss-sec/2017/q4/282"
"url": "https://usn.ubuntu.com/3582-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3582-1/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
"url": "https://usn.ubuntu.com/3582-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3582-2/"
},
{
"name": "USN-3582-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-2/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system."
"value": "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "null pointer dereference"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel"
}
]
}
@ -73,49 +68,20 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15116",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15116"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
},
{
"url": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by ChunYu Wang (Red Hat)."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
}
]
}
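Review bot: The problemtype on the new side is the free-text `"value": "null pointer dereference"` with no `cweId`, while other records in this commit carry one (for example `"cweId": "CWE-400"`), so this entry drops out of any CWE-keyed lookup. `"value": "CWE-476"` with `"cweId": "CWE-476"` (NULL Pointer Dereference) would match the description. In the same section `"version_value": "Linux kernel"` repeats the product name instead of a version, although the description says before 4.2. `"version_affected": "<"` with `"version_value": "4.2"` would carry that bound.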


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
@ -32,31 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "Red Hat Enterprise Linux",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "6, 7"
}
]
}
@ -90,43 +75,14 @@
"name": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15121",
"url": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&amp%3Butm_medium=RSS",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15121"
"name": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&amp%3Butm_medium=RSS"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893"
},
{
"url": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&amp%3Butm_medium=RSS",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&amp%3Butm_medium=RSS"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Miklos Szeredi (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
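Review bot: The F5 reference kept on the new side has a damaged query string, `?utm_source=f5support&amp%3Butm_medium=RSS`. The `&amp%3B` is an HTML-escaped ampersand whose semicolon was then percent-encoded, and both parameters are only tracking tags. Storing the article link without the query, `"url": "https://support.f5.com/csp/article/K42142782"` (and the same string for `name`), gives consumers a stable URL to deduplicate and fetch. The entry looks unchanged apart from its position in the list, so the defect appears to predate this commit.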


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15123",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.8 - 5.10"
}
]
@ -30,53 +52,41 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
"refsource": "CONFIRM"
},
{
"refsource": "BID",
"name": "108690",
"url": "http://www.securityfocus.com/bid/108690"
},
{
"url": "http://www.securityfocus.com/bid/108690",
"refsource": "MISC",
"name": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/",
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
]
},
"description": {
"description_data": [
"name": "http://www.securityfocus.com/bid/108690"
},
{
"lang": "eng",
"value": "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines."
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123"
},
{
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/",
"refsource": "MISC",
"name": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
"value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling",
"value": "CWE-770",
"cweId": "CWE-770"
}
]
@ -32,86 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "QEMU",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Qemu",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-156.el7",
"version_affected": "!"
},
{
"version_value": "10:2.12.0-18.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.10.0-21.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.10.0-21.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 12.0 (Pike)",
"version": {
"version_data": [
{
"version_value": "10:2.10.0-21.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.10.0-21.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.10.0-21.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.10.0-21.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.11.0 and older"
}
]
}
@ -149,16 +79,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3062"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15124",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15124"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
},
{
"url": "https://usn.ubuntu.com/3575-1/",
"refsource": "MISC",
@ -168,51 +88,11 @@
"url": "https://www.debian.org/security/2018/dsa-4213",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4213"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Daniel Berrange (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events."
"value": "A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put()."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"value": "CWE-119",
"cweId": "CWE-119"
}
]
@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux Kernel before 4.13.6",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux Kernel before 4.13.6"
}
]
}
@ -83,11 +79,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15126"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481"
},
{
"url": "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252",
"refsource": "MISC",
@ -97,30 +88,11 @@
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Andrea Arcangeli (Red Hat Engineering)."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481"
}
]
}
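Review bot: `"version_affected": "="` is paired with `"version_value": "Linux Kernel before 4.13.6"` in the affects hunk, so a consumer that compares on an exact version can never match a real kernel release, and the bound survives only as free text repeated in `product_name`. Splitting it into `"product_name": "Linux kernel"`, `"version_affected": "<"`, `"version_value": "4.13.6"` would keep the range machine-readable. The same pattern appears in the sections for CVE-2017-15127, CVE-2017-15128, CVE-2017-15129 and CVE-2017-15135 further down.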


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel when freeing pages in hugetlbfs. This could trigger a local denial of service by crashing the kernel."
"value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Cleanup on Thrown Exception",
"value": "CWE-460",
"cweId": "CWE-460"
}
]
@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel before 4.13",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel before 4.13"
}
]
}
@ -83,33 +79,15 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15127"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
},
{
"url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995"
}
]
},
"impact": {
"cvss": [
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
}
]
}
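Review bot: The last hunk drops the whole `impact.cvss` block (CVSS 3.0 base score 4.7, `CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H`) and nothing in the new record replaces it, so tooling that reads severity from this file loses it for this CVE. If the removal is a side effect of the sync rather than a deliberate decision, the block should be kept as it was. The sections for CVE-2017-15126, CVE-2017-15129, CVE-2017-15131, CVE-2017-15135 and CVE-2017-2583 appear to lose their `impact` data, and in some cases `credits`, in the same way.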


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15128",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel before 4.13.12",
"version": {
"version_data": [
{
"version_value": "Linux kernel before 4.13.12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,38 +21,63 @@
"description": [
{
"lang": "eng",
"value": "CWE-119"
"value": "CWE-119",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel before 4.13.12",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Linux kernel before 4.13.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df",
"refsource": "MISC",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-15128",
"url": "https://access.redhat.com/security/cve/CVE-2017-15128",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2017-15128"
"name": "https://access.redhat.com/security/cve/CVE-2017-15128"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222",
"url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
"name": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"name": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
"value": "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"value": "CWE-362",
"cweId": "CWE-362"
}
]
@ -32,35 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel v4.0-rc1 through v4.15-rc5",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-49.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.55.1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel v4.0-rc1 through v4.15-rc5"
}
]
}
@ -113,11 +94,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15129"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
},
{
"url": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0",
"refsource": "MISC",
@ -167,30 +143,11 @@
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Kirill Tkhai for reporting this issue."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
}
]
}
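Review bot: The affected range is stated two different ways in the new record: the second printed description (apparently the new side) says "the Linux kernel before 4.14.11", while `product_name` and `version_value` in the affects hunk both say `Linux kernel v4.0-rc1 through v4.15-rc5`. Read literally, the description covers kernels older than 4.0 and excludes the 4.15 release candidates, which is the opposite of the structured fields on both ends. The two should be reconciled, either by keeping the lower bound and the 4.15-rc note in the description or by narrowing the product string to match it. As written, someone triaging from the description alone would treat 4.15-rc1 to rc5 as unaffected.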


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users."
"value": "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
"value": "CWE-284",
"cweId": "CWE-284"
}
]
}
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "RHEL shipped xdg-user-dirs and gnome-session",
"version": {
"version_data": [
{
"version_value": "0:0.15-5.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "before 0.15-5"
}
]
}
@ -59,44 +59,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0842"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15131",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15131"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1455094"
},
{
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
}
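Review bot: The new description gives the bound as "xdg-user-dirs before 0.15.5", but `version_value` in the affects hunk says `before 0.15-5`, and the removed Red Hat entry listed the build `0:0.15-5.el7`. These are different things (an upstream version 0.15.5 versus version 0.15, package release 5), so one of them is probably a typo. Judging by the removed build string, the description looks like the one to correct, to "before 0.15-5". The range is also stored as free text under `"version_affected": "="`, so neither spelling can be matched mechanically.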


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
"value": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Authentication",
"value": "CWE-287",
"cweId": "CWE-287"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "0:1.2.11.15-94.el6_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.3.6.1-28.el7_4",
"version_affected": "!"
"version_affected": "=",
"version_value": "since 1.3.6.1 up to and including 1.4.0.3"
}
]
}
@ -85,40 +74,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15135",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15135"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Martin Poole (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}
}
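Review bot: The new `version_value`, `since 1.3.6.1 up to and including 1.4.0.3`, leaves out the 1.2.11 branch, although the removed Red Hat Enterprise Linux 6 entry listed `0:1.2.11.15-94.el6_9` as a fixed build. If that branch was affected, which the removed entry suggests but does not prove, anyone filtering hosts on the new range would skip RHEL 6 systems running older 389-ds-base packages. The range should be confirmed against the advisories still listed in `reference_data` before the RHEL 6 entry is dropped, and a second `version_data` item added for the 1.2.11 line if it applies.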


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-30T00:00:00",
"ID": "CVE-2017-15136",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Satellite 6",
"version": {
"version_data": [
{
"version_value": "6.3.0"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Satellite 6",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "103210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103210"
"url": "http://www.securityfocus.com/bid/103210",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/103210"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343"
}
]
}
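Review bot: Both references have `refsource` changed from `BID` and `CONFIRM` to `MISC`, and the BID entry's `name` changes from `103210` to the URL, so the record no longer says which link is the vendor confirmation. Consumers that prioritise `CONFIRM` references when looking for the authoritative fix notice will find none here. Keeping the original value on the vendor link, `"refsource": "CONFIRM"` for the bugzilla.redhat.com entry, would preserve that. The same flattening is applied in the sections for CVE-2017-2582 and CVE-2017-2589, where `REDHAT`, `SECTRACK`, `BID` and `CONFIRM` all become `MISC`.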


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2582",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "2.5.1"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,129 +15,162 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201"
"value": "CWE-201",
"cweId": "CWE-201"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3220"
"url": "http://www.securityfocus.com/bid/101046",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101046"
},
{
"name": "RHSA-2017:3216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3216"
"url": "http://www.securitytracker.com/id/1041707",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1041707"
},
{
"name": "RHSA-2017:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
"url": "https://access.redhat.com/errata/RHSA-2017:2808",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "RHSA-2018:2740",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2740"
"url": "https://access.redhat.com/errata/RHSA-2017:2809",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:3218",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3218"
"url": "https://access.redhat.com/errata/RHSA-2017:2810",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "RHSA-2017:2810",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
"url": "https://access.redhat.com/errata/RHSA-2017:2811",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"name": "RHSA-2018:2741",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2741"
"url": "https://access.redhat.com/errata/RHSA-2017:3216",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3216"
},
{
"name": "RHSA-2018:2742",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2742"
"url": "https://access.redhat.com/errata/RHSA-2017:3217",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3217"
},
{
"name": "RHSA-2017:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
"url": "https://access.redhat.com/errata/RHSA-2017:3218",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3218"
},
{
"name": "RHSA-2019:0137",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0137"
"url": "https://access.redhat.com/errata/RHSA-2017:3219",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3219"
},
{
"name": "RHSA-2017:3219",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3219"
"url": "https://access.redhat.com/errata/RHSA-2017:3220",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3220"
},
{
"name": "RHSA-2019:0139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0139"
"url": "https://access.redhat.com/errata/RHSA-2018:2740",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2740"
},
{
"name": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237",
"refsource": "CONFIRM",
"url": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237"
"url": "https://access.redhat.com/errata/RHSA-2018:2741",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2741"
},
{
"name": "1041707",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041707"
"url": "https://access.redhat.com/errata/RHSA-2018:2742",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2742"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582"
"url": "https://access.redhat.com/errata/RHSA-2018:2743",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2743"
},
{
"name": "RHSA-2019:0136",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0136"
"url": "https://access.redhat.com/errata/RHSA-2019:0136",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0136"
},
{
"name": "RHSA-2018:2743",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2743"
"url": "https://access.redhat.com/errata/RHSA-2019:0137",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0137"
},
{
"name": "RHSA-2017:3217",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3217"
"url": "https://access.redhat.com/errata/RHSA-2019:0139",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0139"
},
{
"name": "RHSA-2017:2811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582"
},
{
"name": "101046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101046"
"url": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237",
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest."
"value": "The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges",
"cweId": "CWE-250"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.26.1.rt56.442.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.26.1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -93,16 +88,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1616"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2583",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2583"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
},
{
"url": "https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3",
"refsource": "MISC",
@ -112,51 +97,11 @@
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3754-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Xiaohan Zhang (Huawei Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
}
]
}
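Review bot: After this change the affects hunk has `vendor_name`, `product_name` and `version_value` all set to `n/a`, and the problemtype value goes from CWE-250 with a `cweId` to a bare `n/a`. The only place the record now says what is affected is the description text ("the Linux kernel before 4.9.5"), which leaves nothing machine-readable for matching or classification. Carrying the description's product and bound into the structured fields, `"product_name": "Linux kernel"` with `"version_affected": "<"` and `"version_value": "4.9.5"`, would fix the first part. Whether CWE-250 was the right class is a separate question, but removing `cweId` outright loses the classification rather than correcting it.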


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2589",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hawtio",
"version": {
"version_data": [
{
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,39 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
"value": "CWE-285",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "hawtio",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
"url": "https://access.redhat.com/errata/RHSA-2017:1832",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2595",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wildfly",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,109 +15,142 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
"value": "CWE-22",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "wildfly",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1411",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1411"
"url": "https://access.redhat.com/errata/RHSA-2017:3454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:1409",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
"url": "https://access.redhat.com/errata/RHSA-2017:3455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:1548",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1548"
"url": "https://access.redhat.com/errata/RHSA-2017:3456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:1549",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1549"
"url": "https://access.redhat.com/errata/RHSA-2017:3458",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name": "RHSA-2017:1552",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1552"
"url": "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-1551.html"
},
{
"name": "1038757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038757"
"url": "http://www.securityfocus.com/bid/98967",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98967"
},
{
"name": "RHSA-2017:1410",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1410"
"url": "http://www.securitytracker.com/id/1038757",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038757"
},
{
"name": "RHSA-2017:1412",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1412"
"url": "https://access.redhat.com/errata/RHSA-2017:1410",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name": "RHSA-2017:1551",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1551.html"
"url": "https://access.redhat.com/errata/RHSA-2017:1411",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
"url": "https://access.redhat.com/errata/RHSA-2017:1412",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
"url": "https://access.redhat.com/errata/RHSA-2017:1548",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1548"
},
{
"name": "98967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98967"
"url": "https://access.redhat.com/errata/RHSA-2017:1549",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1549"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
"url": "https://access.redhat.com/errata/RHSA-2017:1550",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1550"
},
{
"name": "RHSA-2017:1550",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1550"
"url": "https://access.redhat.com/errata/RHSA-2017:1552",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1552"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}
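Review bot: Each rewritten entry in `reference_data` now has `"refsource": "MISC"` and repeats the URL as its `name`, so the source tags the old entries carried (`REDHAT`, `CONFIRM`, `BID`, `SECTRACK`) and advisory ids such as `RHSA-2017:1411` are no longer available as fields. Tooling that picks the vendor-confirmed link or groups references by advisory id would have to parse URLs instead. I would keep the typed form where the source is known, for example `"refsource": "CONFIRM"` on the bugzilla.redhat.com entry and `"name": "RHSA-2017:1411"` on the matching errata entry. The CVE-2017-2624 and CVE-2018-1041 sections flatten their references the same way, the latter including the `EXPLOIT-DB` entry that told defenders a public exploit exists.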


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS."
"value": "The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -83,61 +78,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95878"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2596",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2596"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Dmitry Vyukov (Google Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}
}
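Review bot: The new side of this record replaces `"cweId": "CWE-772"` with a bare `"value": "n/a"` and sets vendor, product and version to `n/a`, while the new description still names the component and range (`Linux kernel through 4.9.8`). The last hunk's counts (61 old lines, 11 new) also leave no room for either CVSS entry, so the record ends up with nothing structured to match against an inventory or to rank by score. I would keep `"cweId": "CWE-772"` and the CVSS 3.0 entry, and carry the range from the description as `"version_affected": "<=", "version_value": "4.9.8"`. The CVE-2017-2615 and CVE-2017-2622 sections drop their per-product package versions in favour of `"version_value": "n/a"` in the same way.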


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
@ -32,148 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "qemu",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"product_name": "display",
"version": {
"version_data": [
{
"version_value": "0:83-277.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-126.el7_3.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -271,76 +139,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037804"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0309",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0309"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0328",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0328"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0329",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0329"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0330",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0330"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0331",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0331"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0332",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0332"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0333",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0334",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0334"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0344",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0344"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0350",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0350"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0396",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0396"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0454"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2615",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2615"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615",
"refsource": "MISC",
@ -363,35 +161,8 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Li Qiang (360.cn Inc.) and Wjjzhang (Tencent.com Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
"value": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Off-by-one Error",
"value": "CWE-193",
"cweId": "CWE-193"
}
]
@ -32,31 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.16.1.rt56.437.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.16.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.219.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "4.9.10"
}
]
}
@ -89,16 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0933"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2618",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2618"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419916",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1419916"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618",
"refsource": "MISC",
@ -121,12 +96,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Paul Moore (Red Hat Engineering)."
}
],
"impact": {
"cvss": [
{
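Review bot: The new `version_data` entry reads `"version_affected": "=", "version_value": "4.9.10"`, but the reworded description in the same section says the flaw is in kernels `before 4.9.10`, so the record marks the fixed release as the only affected one. A scanner that trusts the structured field would flag 4.9.10 and pass everything older. The operator should match the text: `"version_affected": "<", "version_value": "4.9.10"`. The CVE-2017-2621 section has the same mismatch (`=` on `openstack-heat-8.0.0`, `6.1.0` and `7.0.2` against `before 8.0.0, 6.1.0 and 7.0.2`), and CVE-2018-1041 pairs `=` with the free-text value `since 3.3.10`.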


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information."
"value": "An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Files or Directories Accessible to External Parties",
"value": "CWE-552",
"cweId": "CWE-552"
}
]
@ -36,23 +36,20 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"product_name": "openstack-heat",
"version": {
"version_data": [
{
"version_value": "1:7.0.2-4.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
"version_affected": "=",
"version_value": "openstack-heat-8.0.0"
},
{
"version_value": "1:6.1.0-3.el7ost",
"version_affected": "!"
"version_affected": "=",
"version_value": "openstack-heat-6.1.0"
},
{
"version_affected": "=",
"version_value": "openstack-heat-7.0.2"
}
]
}
@ -80,16 +77,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1464"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2621",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2621"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420990",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420990"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621",
"refsource": "MISC",
@ -97,12 +84,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue."
}
],
"impact": {
"cvss": [
{


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Files or Directories Accessible to External Parties",
"value": "CWE-552",
"cweId": "CWE-552"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"product_name": "openstack-mistral",
"version": {
"version_data": [
{
"version_value": "0:3.0.2-11.el7ost",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -59,16 +59,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1584"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2622",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2622"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420992",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420992"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622",
"refsource": "MISC",
@ -76,12 +66,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue."
}
],
"impact": {
"cvss": [
{


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2624",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "1.19.0"
}
]
}
}
]
},
"vendor_name": "Xorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,69 +15,102 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385"
"value": "CWE-385",
"cweId": "CWE-385"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xorg",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.19.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c",
"refsource": "CONFIRM",
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"name": "1037919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"name": "GLSA-201710-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"name": "96480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96480"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"url": "http://www.securityfocus.com/bid/96480",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
"name": "http://www.securityfocus.com/bid/96480"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
"url": "http://www.securitytracker.com/id/1037919",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037919"
},
{
"url": "https://security.gentoo.org/glsa/201704-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201704-03"
},
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"refsource": "MISC",
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"url": "https://security.gentoo.org/glsa/201710-30",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201710-30"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-02-05T00:00:00",
"ID": "CVE-2018-1041",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jboss-remoting",
"version": {
"version_data": [
{
"version_value": "since 3.3.10"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,53 +21,78 @@
"description": [
{
"lang": "eng",
"value": "CWE-835"
"value": "CWE-835",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "jboss-remoting",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "since 3.3.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "44099",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44099/"
"url": "https://access.redhat.com/errata/RHSA-2018:0268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
"name": "RHSA-2018:0269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
"url": "https://access.redhat.com/errata/RHSA-2018:0269",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
"name": "RHSA-2018:0270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
"url": "https://access.redhat.com/errata/RHSA-2018:0270",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
"name": "RHSA-2018:0271",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
"url": "https://access.redhat.com/errata/RHSA-2018:0271",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
"name": "RHSA-2018:0268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
"url": "https://access.redhat.com/errata/RHSA-2018:0275",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
"name": "RHSA-2018:0275",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
"url": "http://www.securitytracker.com/id/1040323",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1040323"
},
{
"name": "1040323",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040323"
"url": "https://www.exploit-db.com/exploits/44099/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44099/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0803",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0804",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}