diff --git a/2015/0xxx/CVE-2015-0236.json b/2015/0xxx/CVE-2015-0236.json
index 2b1bfcae98c..cc0a9d42507 100644
--- a/2015/0xxx/CVE-2015-0236.json
+++ b/2015/0xxx/CVE-2015-0236.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file."
+ "value": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface."
}
]
},
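Review bot: The new description on the `+` line drops the precondition stated in the removed text, that the flaw applies when fine-grained ACLs are enabled. An operator needs that detail to judge whether a given libvirtd deployment is exposed. It also narrows the impact from "certain sensitive information from the domain XML file" to the VNC password alone; if other secrets returned under VIR_DOMAIN_XML_SECURE are in scope, the text should say so. There is a grammar slip as well: `libvirt before 1.2.12 allow remote authenticated users` should read `libvirt before 1.2.12 allows remote authenticated users`. The enclosing description object opens outside this hunk.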
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Exposure of Sensitive Information to an Unauthorized Actor",
- "cweId": "CWE-200"
+ "value": "n/a"
}
]
}
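Review bot: Replacing the CWE entry with `"value": "n/a"` removes the record's only machine-readable weakness classification, so tooling that groups or filters records by `cweId` can no longer classify this CVE as an information-exposure issue. Unless the mapping was wrong, keep `"value": "Exposure of Sensitive Information to an Unauthorized Actor"` together with `"cweId": "CWE-200"`. The same loss occurs in the problemtype hunks of CVE-2015-0237 and CVE-2015-0257 (both CWE-732) and CVE-2015-0267 (CWE-377). The problemtype array opens outside this hunk.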
@@ -32,38 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:1.2.8-16.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:1.2.8-16.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:1.2.8-16.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
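Review bot: The added pair `"version_affected": "="` and `"version_value": "n/a"` asserts an exact match against a placeholder string, so a consumer matching installed versions against this record gets nothing usable, even though the description in the same file names libvirt before 1.2.12. Consider `"product_name": "libvirt"` with a version entry that expresses "before 1.2.12", or at least do not attach the `=` comparator to a placeholder. The removed entries carried package versions for three Red Hat products, marked `!` (which appears to denote unaffected, i.e. fixed, versions), and that package-level fix data is lost. The same placeholder pair is added in the affects blocks of CVE-2015-0237, -0238, -0257, -0267, -0268, -0277, -0278, -0296, -0297, -0298, -1386 and -1777.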
@@ -91,11 +68,6 @@
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:0323",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:0323"
- },
{
"url": "http://advisories.mageia.org/MGASA-2015-0046.html",
"refsource": "MISC",
@@ -120,41 +92,6 @@
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-0236",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-0236"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 2.9,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
- "version": "2.0"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0237.json b/2015/0xxx/CVE-2015-0237.json
index a228b029503..a167a4947e2 100644
--- a/2015/0xxx/CVE-2015-0237.json
+++ b/2015/0xxx/CVE-2015-0237.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service."
+ "value": "Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Incorrect Permission Assignment for Critical Resource",
- "cweId": "CWE-732"
+ "value": "n/a"
}
]
}
@@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "RHEV Manager version 3.5",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.5.1-4",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -63,46 +62,6 @@
"url": "http://www.securitytracker.com/id/1032231",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032231"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:0888",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:0888"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-0237",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-0237"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184716",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184716"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
- "version": "2.0"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0238.json b/2015/0xxx/CVE-2015-0238.json
index 5f84adb0d8d..377a259adf3 100644
--- a/2015/0xxx/CVE-2015-0238.json
+++ b/2015/0xxx/CVE-2015-0238.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0238",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,17 +27,41 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://access.redhat.com/security/cve/CVE-2015-0238",
- "refsource": "CONFIRM",
- "url": "https://access.redhat.com/security/cve/CVE-2015-0238"
+ "url": "https://access.redhat.com/security/cve/CVE-2015-0238",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2015-0238"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184739"
}
]
}
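Review bot: Both references in this hunk change `"refsource": "CONFIRM"` to `"refsource": "MISC"`, so the record no longer marks these links as the vendor's own acknowledgement of the issue. That marker is what lets a reader or tool separate authoritative confirmation from third-party coverage, so keep `"refsource": "CONFIRM"` on the access.redhat.com and bugzilla.redhat.com entries. In later files the same flattening also replaces `name` with a copy of the URL, discarding identifiers that cannot be recovered from the link. Examples are `xen-cve20150268-dos(100868)` in CVE-2015-0268, `FEDORA-2015-2313` in CVE-2015-0278, and the oss-security subject lines in CVE-2015-0296, CVE-2015-1386 and CVE-2015-1777.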
diff --git a/2015/0xxx/CVE-2015-0257.json b/2015/0xxx/CVE-2015-0257.json
index affa0185668..7583638d061 100644
--- a/2015/0xxx/CVE-2015-0257.json
+++ b/2015/0xxx/CVE-2015-0257.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information."
+ "value": "Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Incorrect Permission Assignment for Critical Resource",
- "cweId": "CWE-732"
+ "value": "n/a"
}
]
}
@@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "RHEV Manager version 3.5",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.5.1-4",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -63,46 +62,6 @@
"url": "http://www.securitytracker.com/id/1032231",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032231"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:0888",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:0888"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-0257",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-0257"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189085",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1189085"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "LOCAL",
- "authentication": "SINGLE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 3.5,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
- "version": "2.0"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0267.json b/2015/0xxx/CVE-2015-0267.json
index 16715b2d578..2dc3f9e8e0d 100644
--- a/2015/0xxx/CVE-2015-0267.json
+++ b/2015/0xxx/CVE-2015-0267.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files."
+ "value": "The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Insecure Temporary File",
- "cweId": "CWE-377"
+ "value": "n/a"
}
]
}
@@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:2.0.7-19.ael7b_1.2",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -63,46 +62,6 @@
"url": "http://www.securityfocus.com/bid/74622",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74622"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:0986",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:0986"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-0267",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-0267"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191575",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1191575"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "LOW",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 3.6,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
- "version": "2.0"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0268.json b/2015/0xxx/CVE-2015-0268.json
index ceee4285936..4b0f613db20 100644
--- a/2015/0xxx/CVE-2015-0268.json
+++ b/2015/0xxx/CVE-2015-0268.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0268",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,27 +27,51 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "xen-cve20150268-dos(100868)",
- "refsource": "XF",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100868"
+ "url": "http://www.securityfocus.com/bid/72591",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/72591"
},
{
- "name": "1031746",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1031746"
+ "url": "http://www.securitytracker.com/id/1031746",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1031746"
},
{
- "name": "http://xenbits.xen.org/xsa/advisory-117.html",
- "refsource": "CONFIRM",
- "url": "http://xenbits.xen.org/xsa/advisory-117.html"
+ "url": "http://xenbits.xen.org/xsa/advisory-117.html",
+ "refsource": "MISC",
+ "name": "http://xenbits.xen.org/xsa/advisory-117.html"
},
{
- "name": "72591",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/72591"
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100868",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100868"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0277.json b/2015/0xxx/CVE-2015-0277.json
index 9455fb83057..4174bc344a0 100644
--- a/2015/0xxx/CVE-2015-0277.json
+++ b/2015/0xxx/CVE-2015-0277.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0277",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion."
+ "value": "The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion."
}
]
},
@@ -50,37 +27,61 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2015:0849",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
- "name": "RHSA-2015:0848",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
- "name": "RHSA-2015:0846",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
- "name": "https://issues.jboss.org/browse/PLINK-678",
- "refsource": "CONFIRM",
- "url": "https://issues.jboss.org/browse/PLINK-678"
+ "url": "https://issues.jboss.org/browse/PLINK-678",
+ "refsource": "MISC",
+ "name": "https://issues.jboss.org/browse/PLINK-678"
},
{
- "name": "RHSA-2015:0847",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0278.json b/2015/0xxx/CVE-2015-0278.json
index b60354b06ac..042f6e649ca 100644
--- a/2015/0xxx/CVE-2015-0278.json
+++ b/2015/0xxx/CVE-2015-0278.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0278",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,42 +27,66 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ",
- "refsource": "CONFIRM",
- "url": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
+ "url": "http://advisories.mageia.org/MGASA-2015-0186.html",
+ "refsource": "MISC",
+ "name": "http://advisories.mageia.org/MGASA-2015-0186.html"
},
{
- "name": "MDVSA-2015:228",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
},
{
- "name": "http://advisories.mageia.org/MGASA-2015-0186.html",
- "refsource": "CONFIRM",
- "url": "http://advisories.mageia.org/MGASA-2015-0186.html"
+ "url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c",
+ "refsource": "MISC",
+ "name": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
},
{
- "name": "FEDORA-2015-2313",
- "refsource": "FEDORA",
- "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
+ "url": "https://github.com/libuv/libuv/pull/215",
+ "refsource": "MISC",
+ "name": "https://github.com/libuv/libuv/pull/215"
},
{
- "name": "https://github.com/libuv/libuv/pull/215",
- "refsource": "CONFIRM",
- "url": "https://github.com/libuv/libuv/pull/215"
+ "url": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ",
+ "refsource": "MISC",
+ "name": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
},
{
- "name": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c",
- "refsource": "CONFIRM",
- "url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
+ "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
},
{
- "name": "GLSA-201611-10",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201611-10"
+ "url": "https://security.gentoo.org/glsa/201611-10",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201611-10"
}
]
}
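Review bot: The Google Groups reference was rewritten from `#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ` to `#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ`, which percent-encodes the `!` inside the URL fragment. Fragments are interpreted client-side, and a hashbang router may not treat `%21` as equivalent to `!`, so the link may no longer resolve to the libuv announcement. Keep the original `https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ` in both `url` and `name`. If the encoding comes from an automated normaliser, it is worth checking that other references with reserved characters in fragments or query strings are not rewritten the same way.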
diff --git a/2015/0xxx/CVE-2015-0296.json b/2015/0xxx/CVE-2015-0296.json
index 12b2967de55..c7205638d5c 100644
--- a/2015/0xxx/CVE-2015-0296.json
+++ b/2015/0xxx/CVE-2015-0296.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0296",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,32 +27,56 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "FEDORA-2015-4332",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html"
},
{
- "name": "72826",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/72826"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html"
},
{
- "name": "FEDORA-2015-4872",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html"
+ "url": "http://www.openwall.com/lists/oss-security/2015/02/27/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/02/27/6"
},
{
- "name": "[oss-security] 20150227 CVE-2015-0296 preinstall scriptlet in texlive-base rpm of fedora allows unprivileged user to delete arbitrary files(maybe others)",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/02/27/6"
+ "url": "http://www.securityfocus.com/bid/72826",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/72826"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0297.json b/2015/0xxx/CVE-2015-0297.json
index 91887f5f165..61f3f47d3dc 100644
--- a/2015/0xxx/CVE-2015-0297.json
+++ b/2015/0xxx/CVE-2015-0297.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0297",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,17 +27,41 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2015:0862",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
},
{
- "name": "1032181",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1032181"
+ "url": "http://www.securitytracker.com/id/1032181",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1032181"
}
]
}
diff --git a/2015/0xxx/CVE-2015-0298.json b/2015/0xxx/CVE-2015-0298.json
index 61aa5ebb925..9dc26831c62 100644
--- a/2015/0xxx/CVE-2015-0298.json
+++ b/2015/0xxx/CVE-2015-0298.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0298",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,22 +27,46 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2015:1641",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
- "name": "RHSA-2015:1642",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
- "name": "https://issues.jboss.org/browse/MODCLUSTER-453",
- "refsource": "CONFIRM",
- "url": "https://issues.jboss.org/browse/MODCLUSTER-453"
+ "url": "https://issues.jboss.org/browse/MODCLUSTER-453",
+ "refsource": "MISC",
+ "name": "https://issues.jboss.org/browse/MODCLUSTER-453"
}
]
}
diff --git a/2015/1xxx/CVE-2015-1386.json b/2015/1xxx/CVE-2015-1386.json
index 77d9ff3aed7..f9c50ad55e2 100644
--- a/2015/1xxx/CVE-2015-1386.json
+++ b/2015/1xxx/CVE-2015-1386.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1386",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,17 +27,41 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "[oss-security] 20150127 Re: unshield directory traversal",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/01/27/27"
+ "url": "http://www.openwall.com/lists/oss-security/2015/01/27/27",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/01/27/27"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185717"
}
]
}
diff --git a/2015/1xxx/CVE-2015-1777.json b/2015/1xxx/CVE-2015-1777.json
index e53c6d8f3e5..3d60780d5ca 100644
--- a/2015/1xxx/CVE-2015-1777.json
+++ b/2015/1xxx/CVE-2015-1777.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1777",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,22 +27,46 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "72943",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/72943"
+ "url": "http://www.openwall.com/lists/oss-security/2015/03/04/7",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/03/04/7"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740"
+ "url": "http://www.securityfocus.com/bid/72943",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/72943"
},
{
- "name": "[oss-security] 20150304 Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/03/04/7"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740"
}
]
}
diff --git a/2015/1xxx/CVE-2015-1788.json b/2015/1xxx/CVE-2015-1788.json
index fa88ae48dc9..949e632cb95 100644
--- a/2015/1xxx/CVE-2015-1788.json
+++ b/2015/1xxx/CVE-2015-1788.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1788",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,242 +27,261 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "SUSE-SU-2015:1184",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
- "name": "SSRT102180",
- "refsource": "HP",
- "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
- "name": "DSA-3287",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2015/dsa-3287"
+ "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
+ "refsource": "MISC",
+ "name": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
- "name": "SUSE-SU-2015:1150",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
- "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122",
- "refsource": "CONFIRM",
- "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"
+ "url": "https://support.apple.com/kb/HT205031",
+ "refsource": "MISC",
+ "name": "https://support.apple.com/kb/HT205031"
},
{
- "name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
- "refsource": "CONFIRM",
- "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
- "name": "HPSBMU03409",
- "refsource": "HP",
- "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
+ "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
+ "refsource": "MISC",
+ "name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
- "name": "75158",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/75158"
+ "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc",
+ "refsource": "MISC",
+ "name": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
- "name": "https://openssl.org/news/secadv/20150611.txt",
- "refsource": "CONFIRM",
- "url": "https://openssl.org/news/secadv/20150611.txt"
+ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694",
+ "refsource": "MISC",
+ "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694"
},
{
- "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
- "name": "SUSE-SU-2015:1182",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
- "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
- "refsource": "CONFIRM",
- "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
- "name": "SUSE-SU-2015:1143",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
- "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
- "refsource": "CONFIRM",
- "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
- "name": "openSUSE-SU-2016:0640",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
- "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
+ "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2",
+ "refsource": "MISC",
+ "name": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
},
{
- "name": "1032564",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1032564"
+ "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2",
+ "refsource": "MISC",
+ "name": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
- "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041",
- "refsource": "CONFIRM",
- "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl",
+ "refsource": "MISC",
+ "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
- "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
- "refsource": "CONFIRM",
- "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
+ "url": "http://www.debian.org/security/2015/dsa-3287",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3287"
},
{
- "name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015",
- "refsource": "CONFIRM",
- "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
+ "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015",
+ "refsource": "MISC",
+ "name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
- "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
+ "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
+ "refsource": "MISC",
+ "name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
- "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
- "refsource": "CISCO",
- "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
- "name": "openSUSE-SU-2015:1277",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
+ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
- "name": "SUSE-SU-2015:1181",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
- "name": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932",
- "refsource": "CONFIRM",
- "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
+ "url": "http://www.securityfocus.com/bid/91787",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/91787"
},
{
- "name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery",
- "refsource": "CONFIRM",
- "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
+ "url": "http://www.securitytracker.com/id/1032564",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1032564"
},
{
- "name": "APPLE-SA-2015-08-13-2",
- "refsource": "APPLE",
- "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
+ "url": "http://www.ubuntu.com/usn/USN-2639-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
- "name": "USN-2639-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2639-1"
+ "url": "https://bto.bluecoat.com/security-advisory/sa98",
+ "refsource": "MISC",
+ "name": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
- "name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
- "refsource": "CONFIRM",
- "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
+ "refsource": "MISC",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
- "name": "GLSA-201506-02",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201506-02"
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
+ "refsource": "MISC",
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
- "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044",
- "refsource": "CONFIRM",
- "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044",
+ "refsource": "MISC",
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
- "name": "91787",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/91787"
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
+ "refsource": "MISC",
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
- "name": "HPSBUX03388",
- "refsource": "HP",
- "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
+ "refsource": "MISC",
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
- "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
- "refsource": "CONFIRM",
- "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
+ "refsource": "MISC",
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
- "name": "https://support.apple.com/kb/HT205031",
- "refsource": "CONFIRM",
- "url": "https://support.apple.com/kb/HT205031"
+ "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122",
+ "refsource": "MISC",
+ "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"
},
{
- "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
+ "url": "https://openssl.org/news/secadv/20150611.txt",
+ "refsource": "MISC",
+ "name": "https://openssl.org/news/secadv/20150611.txt"
},
{
- "name": "https://support.citrix.com/article/CTX216642",
- "refsource": "CONFIRM",
- "url": "https://support.citrix.com/article/CTX216642"
+ "url": "https://security.gentoo.org/glsa/201506-02",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201506-02"
},
{
- "name": "SUSE-SU-2015:1185",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
+ "url": "https://support.citrix.com/article/CTX216642",
+ "refsource": "MISC",
+ "name": "https://support.citrix.com/article/CTX216642"
},
{
- "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694",
- "refsource": "CONFIRM",
- "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694"
+ "url": "https://www.openssl.org/news/secadv_20150611.txt",
+ "refsource": "MISC",
+ "name": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
- "name": "openSUSE-SU-2015:1139",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
+ "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery",
+ "refsource": "MISC",
+ "name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
- "name": "https://bto.bluecoat.com/security-advisory/sa98",
- "refsource": "CONFIRM",
- "url": "https://bto.bluecoat.com/security-advisory/sa98"
+ "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041",
+ "refsource": "MISC",
+ "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
- "name": "NetBSD-SA2015-008",
- "refsource": "NETBSD",
- "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
+ "url": "http://www.securityfocus.com/bid/75158",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/75158"
},
{
- "name": "https://www.openssl.org/news/secadv_20150611.txt",
- "refsource": "CONFIRM",
- "url": "https://www.openssl.org/news/secadv_20150611.txt"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
+ "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932",
+ "refsource": "MISC",
+ "name": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
}
]
}
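Review bot: The re-added `affects` block at the top of this hunk pairs `"version_affected": "="` with `"version_value": "n/a"`, which states an exact-match comparison against a value that is not a version. The removed block carried only `"version_value": "n/a"`, so a consumer that evaluates the comparator may now read this as one affected version literally named `n/a` rather than as unknown. I would drop the `"version_affected": "="` line wherever the value is a placeholder, or fill in real vendor, product and version data if it is available. The same pair is added in the affects hunks for CVE-2015-1777, CVE-2016-3104, CVE-2016-3113, CVE-2016-3693, CVE-2016-3695 and CVE-2016-3703.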
diff --git a/2016/3xxx/CVE-2016-3104.json b/2016/3xxx/CVE-2016-3104.json
index 3dd0e5dbe70..bb097d93a37 100644
--- a/2016/3xxx/CVE-2016-3104.json
+++ b/2016/3xxx/CVE-2016-3104.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3104",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,22 +27,46 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496"
+ "url": "http://www.securityfocus.com/bid/94929",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/94929"
},
{
- "name": "94929",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/94929"
+ "url": "https://jira.mongodb.org/browse/SERVER-24378",
+ "refsource": "MISC",
+ "name": "https://jira.mongodb.org/browse/SERVER-24378"
},
{
- "name": "https://jira.mongodb.org/browse/SERVER-24378",
- "refsource": "CONFIRM",
- "url": "https://jira.mongodb.org/browse/SERVER-24378"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324496"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3113.json b/2016/3xxx/CVE-2016-3113.json
index 7de9894902f..ef80907527d 100644
--- a/2016/3xxx/CVE-2016-3113.json
+++ b/2016/3xxx/CVE-2016-3113.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3113",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,12 +27,36 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326598"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3693.json b/2016/3xxx/CVE-2016-3693.json
index 25a701bc645..e7dfe778f3a 100644
--- a/2016/3xxx/CVE-2016-3693.json
+++ b/2016/3xxx/CVE-2016-3693.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed."
+ "value": "The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "n/a"
}
]
}
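Review bot: Replacing the problem type with `"value": "n/a"` drops the `"cweId": "CWE-20"` classification from the old side, so the record can no longer be grouped or filtered by weakness class. The later hunks of this file also delete the `credits` entry and the whole `impact.cvss` array (CVSS 2.0 base score 3.5 and CVSS 3.0 base score 3.1), which leaves no severity data for triage. If the description is being reverted on purpose, the CWE and CVSS fields could still be kept, since they do not depend on its wording. The new description reads as an information exposure, so the old `CWE-20` label may itself deserve a second look before it is restored. CVE-2016-3703 loses `CWE-285` and its CVSS 2.0 vector in the same way.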
@@ -32,272 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Satellite 6.3 for RHEL 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:2.1.14-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.15.6.34-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:201801241201-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.4-1",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.15.6.8-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.15.6.4-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.15.6.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.5-15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.5.26-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.13.4.6-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.13.4-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.13.4.8-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.16-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.0.5-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.9-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.6-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.2.1-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.10-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0-23.0.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0.12-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.1.1.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:10.0.2.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.1.5.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.0.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.14-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.11-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.13-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.6-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.6.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.8-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.1-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4.16-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.9-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.0.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.0.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.8-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.3.3-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.6-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.5-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.6-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.12-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.3.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.5.58-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.10-1.fm1_15.el7sat",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
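Review bot: The structured product data becomes `"vendor_name": "n/a"` and `"product_name": "n/a"` even though the new description in this same file names the component and a fixed version ("The Safemode gem before 1.2.4 for Ruby"). Tools that match on `affects` rather than on free text will no longer associate this record with Safemode or with Red Hat Satellite 6.3. The removed entries used `"version_affected": "!"` on individual package builds, so I would not restore them verbatim; something like `"product_name": "Safemode"` with `"version_affected": "<"` and `"version_value": "1.2.4"` would carry what the description already states. The affects hunk for CVE-2016-3703 has the same gap: its description names Red Hat OpenShift Enterprise 3.2 and 3.1 while vendor and product are `n/a`.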
@@ -335,16 +78,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-3693",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-3693"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327471"
- },
{
"url": "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f",
"refsource": "MISC",
@@ -356,50 +89,5 @@
"name": "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2"
}
]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Dominic Cleal (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 3.5,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
- "version": "2.0"
- },
- {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 3.1,
- "baseSeverity": "LOW",
- "confidentialityImpact": "LOW",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
- "version": "3.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3695.json b/2016/3xxx/CVE-2016-3695.json
index 53cac9b1ed7..470fb2ed949 100644
--- a/2016/3xxx/CVE-2016-3695.json
+++ b/2016/3xxx/CVE-2016-3695.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3695",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,22 +27,46 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755"
+ "url": "http://www.securityfocus.com/bid/102327",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/102327"
},
{
- "name": "102327",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/102327"
+ "url": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420",
+ "refsource": "MISC",
+ "name": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420"
},
{
- "name": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420",
- "refsource": "CONFIRM",
- "url": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3703.json b/2016/3xxx/CVE-2016-3703.json
index 119b1ff795e..c74e31a618f 100644
--- a/2016/3xxx/CVE-2016-3703.json
+++ b/2016/3xxx/CVE-2016-3703.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in the query parameter."
+ "value": "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Authorization",
- "cweId": "CWE-285"
+ "value": "n/a"
}
]
}
@@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat OpenShift Container Platform 3.2",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.2.0.44-1.git.0.a4463d9.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.7-1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenShift Enterprise 3.1",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.1.1.6-8.git.64.80b61da.el7aos",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
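Review bot: The new affects entry pairs `"version_affected": "="` with `"version_value": "n/a"` under `"vendor_name": "n/a"` and `"product_name": "n/a"`, which asserts an exact-version match against a placeholder and leaves the structured data unable to match any product. The rewritten description in this file names Red Hat OpenShift Enterprise 3.2 and 3.1, so the product information now exists only in free text that scanners and inventory matching will likely not parse. Consider keeping `"vendor_name": "Red Hat"` with the named products, or at least omitting `version_affected` when no version is given. The same placeholder block is introduced in CVE-2016-3704, CVE-2016-3705, CVE-2016-3713, CVE-2016-3714, CVE-2016-3715, CVE-2016-4443 and CVE-2016-4453.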
@@ -78,47 +62,6 @@
"url": "https://access.redhat.com/errata/RHSA-2016:1095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1095"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-3703",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-3703"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330233",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330233"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Jordan Liggitt (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
- "version": "2.0"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3704.json b/2016/3xxx/CVE-2016-3704.json
index af2872244cb..6597f60065e 100644
--- a/2016/3xxx/CVE-2016-3704.json
+++ b/2016/3xxx/CVE-2016-3704.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Pulp makes unsafe use of Bash's $RANDOM to generate a NSS DB password and seed resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources."
+ "value": "Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Use of Insufficiently Random Values",
- "cweId": "CWE-330"
+ "value": "n/a"
}
]
}
@@ -32,272 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Satellite 6.3 for RHEL 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:2.1.14-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.15.6.34-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:201801241201-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.4-1",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.15.6.8-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.15.6.4-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.15.6.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.5-15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.5.26-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.13.4.6-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.13.4-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.13.4.8-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.16-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.0.5-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.9-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.6-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.2.1-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.10-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0-23.0.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0.12-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.1.1.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:10.0.2.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.1.5.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.0.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.14-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.11-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.13-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.6-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.6.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.8-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.1-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4.16-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.9-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.0.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.0.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.8-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.3.3-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.6-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.5-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.6-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.12-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.3.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.5.58-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.10-1.fm1_15.el7sat",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -325,16 +68,6 @@
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-3704",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-3704"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264"
- },
{
"url": "https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L25",
"refsource": "MISC",
@@ -349,51 +82,11 @@
"url": "https://pulp.plan.io/issues/1858",
"refsource": "MISC",
"name": "https://pulp.plan.io/issues/1858"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Randy Barlow (RedHat) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "LOW",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.6,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
- "version": "2.0"
},
{
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 5.6,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330264"
}
]
}
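Review bot: After this hunk the record carries no severity data: the `impact` object with the CVSS 2.0 vector (`AV:L/AC:L/Au:N/C:P/I:P/A:P`, base 4.6) and the CVSS 3.0 vector (base 5.6, MEDIUM) is gone, and only the Bugzilla reference is re-added at the end of `reference_data`. Triage tooling that sorts on the score stored in the record will presumably treat the entry as unscored. If the scores are still valid, keep the `impact.cvss` array and the `credits` entry next to the reordered references. The `impact` block is dropped the same way in CVE-2016-3703, CVE-2016-3705, CVE-2016-3714, CVE-2016-3715 and CVE-2016-4443. The enclosing references object starts outside the hunk.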
diff --git a/2016/3xxx/CVE-2016-3705.json b/2016/3xxx/CVE-2016-3705.json
index 0b72034dcbe..eac1e6259ab 100644
--- a/2016/3xxx/CVE-2016-3705.json
+++ b/2016/3xxx/CVE-2016-3705.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion."
+ "value": "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Uncontrolled Recursion",
- "cweId": "CWE-674"
+ "value": "n/a"
}
]
}
@@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:2.7.6-21.el6_8.1",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.9.1-6.el7_2.3",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -95,11 +83,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1292"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:2957",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:2957"
- },
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170",
"refsource": "MISC",
@@ -140,51 +123,16 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/89854"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-3705",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-3705"
- },
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332443",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332443"
- },
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
}
]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
- "version": "2.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3713.json b/2016/3xxx/CVE-2016-3713.json
index 3be90c29609..61d78f1434d 100644
--- a/2016/3xxx/CVE-2016-3713.json
+++ b/2016/3xxx/CVE-2016-3713.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3713",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,32 +27,56 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1"
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5"
},
{
- "name": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5"
+ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1"
},
{
- "name": "[oss-security] 20160516 CVE-2016-3713 Linux kernel: kvm: OOB r/w access issue with MSR 0x2F8",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/16/2"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/16/2"
},
{
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5"
+ "url": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332139"
}
]
}
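Review bot: Every reference in the new `reference_data` is tagged `"refsource": "MISC"` with `name` set to a copy of `url`, which loses the distinction between the vendor-confirmed entries (previously `CONFIRM` on the kernel.org changelog, the two commit links and the Bugzilla entry) and the mailing-list post, and drops the descriptive list subject. Consumers that prioritise confirmed fix references, or display `name` as a title, get less from the record. Keeping `"refsource": "MLIST"` with the original subject line on the openwall entry, and `"refsource": "CONFIRM"` on the commit links, would retain that. The same flattening appears in the reference hunks of CVE-2016-4453 and CVE-2016-4454.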
diff --git a/2016/3xxx/CVE-2016-3714.json b/2016/3xxx/CVE-2016-3714.json
index dd11a992f83..5fddb8a2af0 100644
--- a/2016/3xxx/CVE-2016-3714.json
+++ b/2016/3xxx/CVE-2016-3714.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
+ "value": "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\""
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "n/a"
}
]
}
@@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:6.7.2.7-4.el6_7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:6.7.8.9-13.el7_2",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -170,26 +158,11 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0726",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0726"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-3714",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-3714"
- },
{
"url": "https://access.redhat.com/security/vulnerabilities/2296071",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/2296071"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
- },
{
"url": "https://imagetragick.com/",
"refsource": "MISC",
@@ -224,51 +197,11 @@
"url": "https://www.kb.cert.org/vuls/id/250519",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/250519"
- }
- ]
- },
- "work_around": [
- {
- "lang": "en",
- "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT, SHOW, WIN and PLT commands within image files, simply add the following lines:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nwithin the policy map stanza:\n\n...\n\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.8,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
- "version": "2.0"
},
{
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 8.4,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
}
]
}
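Review bot: The new side of this hunk has no `work_around` entry, so the record for an issue described as arbitrary code execution via a crafted image no longer tells a reader that a mitigation exists. The policy.xml guidance is now reachable only through the retained reference `https://access.redhat.com/security/vulnerabilities/2296071`. The removed text was already damaged (the policy lines it announced are blank), so restoring it verbatim would not help; a short `work_around` value pointing to that reference would preserve the hint. CVE-2016-3715 loses the same entry in its last hunk, and both files also lose their `impact` block.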
diff --git a/2016/3xxx/CVE-2016-3715.json b/2016/3xxx/CVE-2016-3715.json
index f19173f64f3..dbdefdefdac 100644
--- a/2016/3xxx/CVE-2016-3715.json
+++ b/2016/3xxx/CVE-2016-3715.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files."
+ "value": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "n/a"
}
]
}
@@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:6.7.2.7-4.el6_7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:6.7.8.9-13.el7_2",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -140,11 +128,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0726",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0726"
- },
{
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
@@ -169,47 +152,6 @@
"url": "http://www.securityfocus.com/bid/89852",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/89852"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-3715",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-3715"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332500",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332500"
- }
- ]
- },
- "work_around": [
- {
- "lang": "en",
- "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nwithin the policy map stanza:\n\n\n...\n\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
- "version": "2.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4443.json b/2016/4xxx/CVE-2016-4443.json
index 2e6de4027c4..e800ec781e4 100644
--- a/2016/4xxx/CVE-2016-4443.json
+++ b/2016/4xxx/CVE-2016-4443.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords)."
+ "value": "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Insertion of Sensitive Information into Log File",
- "cweId": "CWE-532"
+ "value": "n/a"
}
]
}
@@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "RHEV Manager version 3.6",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.6.9.2-1",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -69,52 +68,11 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036863"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:1929",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:1929"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-4443",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-4443"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106"
}
]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Simone Tiraboschi (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "LOW",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.9,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "COMPLETE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
- "version": "2.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2016/4xxx/CVE-2016-4453.json b/2016/4xxx/CVE-2016-4453.json
index 8b06c095cad..a66d6a402aa 100644
--- a/2016/4xxx/CVE-2016-4453.json
+++ b/2016/4xxx/CVE-2016-4453.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4453",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,47 +27,71 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "USN-3047-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3047-1"
+ "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
- "name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don't process more than 1024 fifo commands at once",
- "refsource": "MLIST",
- "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html"
+ "url": "https://security.gentoo.org/glsa/201609-01",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201609-01"
},
{
- "name": "GLSA-201609-01",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201609-01"
+ "url": "http://www.ubuntu.com/usn/USN-3047-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
- "name": "USN-3047-2",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3047-2"
+ "url": "http://www.ubuntu.com/usn/USN-3047-2",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/30/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/30/2"
},
{
- "name": "90928",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/90928"
+ "url": "http://www.securityfocus.com/bid/90928",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/90928"
},
{
- "name": "[oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/30/2"
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html"
},
{
- "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4454.json b/2016/4xxx/CVE-2016-4454.json
index b372d5af49e..bb5ebf7da7a 100644
--- a/2016/4xxx/CVE-2016-4454.json
+++ b/2016/4xxx/CVE-2016-4454.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4454",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,47 +27,71 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "USN-3047-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3047-1"
+ "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
- "name": "[oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/30/3"
+ "url": "https://security.gentoo.org/glsa/201609-01",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201609-01"
},
{
- "name": "GLSA-201609-01",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201609-01"
+ "url": "http://www.ubuntu.com/usn/USN-3047-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
- "name": "USN-3047-2",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3047-2"
+ "url": "http://www.ubuntu.com/usn/USN-3047-2",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
- "name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length",
- "refsource": "MLIST",
- "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/30/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/30/3"
},
{
- "name": "90927",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/90927"
+ "url": "http://www.securityfocus.com/bid/90927",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/90927"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429"
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html"
},
{
- "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429"
}
]
}
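Review bot: The rewritten `reference_data` entries set every `refsource` to `MISC` and copy the URL into `name`, so the advisory identifiers the old entries carried (`USN-3047-1`, `USN-3047-2`, `GLSA-201609-01`, BID `90927`) and the mailing-list subjects are no longer in the record. Anything that correlates this CVE with distribution advisories by `name`, or filters on `refsource` (for example `CONFIRM` on the Red Hat Bugzilla entry), now has to parse URLs instead. I would keep the typed form next to the unchanged `url`, e.g. `"name": "USN-3047-1", "refsource": "UBUNTU"`. The same flattening appears in the reference hunks for CVE-2016-4474, CVE-2016-4964, CVE-2016-4973, CVE-2016-4974 and CVE-2016-4984.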
diff --git a/2016/4xxx/CVE-2016-4455.json b/2016/4xxx/CVE-2016-4455.json
index 2c0c2f93360..06aa87cf23f 100644
--- a/2016/4xxx/CVE-2016-4455.json
+++ b/2016/4xxx/CVE-2016-4455.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack."
+ "value": "The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Incorrect Permission Assignment for Critical Resource",
- "cweId": "CWE-732"
+ "value": "n/a"
}
]
}
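Review bot: The problem type is reduced to `"value": "n/a"` although the description added in the previous hunk still describes weak permissions (755) on cache directories, which is what the removed `CWE-732` entry classified. Without `cweId` the record has no machine-readable weakness class, so CWE-based triage and reporting will skip it; I would keep `"value": "Incorrect Permission Assignment for Critical Resource", "cweId": "CWE-732"`. The problemtype hunks for CVE-2016-4463, CVE-2016-4475 and CVE-2016-4985 drop their CWE ids in the same way. The enclosing `problemtype` object starts and ends outside this hunk.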
@@ -32,43 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:1.18.6-1.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.18.10-1.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.34-1.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:1.17.9-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.17.15-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.31-1.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
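Review bot: The added pair `"version_affected": "="` / `"version_value": "n/a"` literally states that a version named "n/a" is affected, while the removed entries listed concrete builds marked `!` (unaffected, as I read the 4.0 schema), for example `0:1.17.9-1.el7`. A scanner that matches on `version_data` will either never match or has to special-case the placeholder. The pre-change records elsewhere in this diff carried `"version_value": "n/a"` with no `version_affected` key, so I would leave the key out when the value is a placeholder, or state the bound the description already gives (`before 1.17.7-1`). The same pair is added in the CVE-2016-4454, CVE-2016-4463, CVE-2016-4474, CVE-2016-4475, CVE-2016-4964, CVE-2016-4973, CVE-2016-4974, CVE-2016-4984 and CVE-2016-4985 hunks. The surrounding `vendor_data` array continues outside this hunk.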
@@ -106,26 +78,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038083"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:2592",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:2592"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0698",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0698"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-4455",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-4455"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525"
- },
{
"url": "https://github.com/candlepin/subscription-manager/blob/subscription-manager-1.17.7-1/subscription-manager.spec",
"refsource": "MISC",
@@ -135,51 +87,11 @@
"url": "https://github.com/candlepin/subscription-manager/commit/9dec31",
"refsource": "MISC",
"name": "https://github.com/candlepin/subscription-manager/commit/9dec31"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Robert Scheck for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "LOW",
- "accessVector": "LOCAL",
- "authentication": "SINGLE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 1.7,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
- "version": "2.0"
},
{
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "NONE",
- "baseScore": 3.3,
- "baseSeverity": "LOW",
- "confidentialityImpact": "LOW",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340525"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4463.json b/2016/4xxx/CVE-2016-4463.json
index b4bee7e7a04..8bc78934ccc 100644
--- a/2016/4xxx/CVE-2016-4463.json
+++ b/2016/4xxx/CVE-2016-4463.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data."
+ "value": "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD."
}
]
},
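Review bot: The new text calls this a "Stack-based buffer overflow", but the trigger it names, a deeply nested DTD, reads like the removed wording's "stack exhaustion", which is a recursion-depth problem rather than a write past a stack buffer. The two classes call for different mitigations (a nesting-depth limit in the parser versus bounds checking), so the label matters to anyone triaging from the description alone. I would confirm against the XERCESC-2069 issue referenced later in this file and, if it is recursion, word the value as `Stack exhaustion in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.`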
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Stack-based Buffer Overflow",
- "cweId": "CWE-121"
+ "value": "n/a"
}
]
}
@@ -32,38 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.1.1-9.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.1.1-8.el7_4.1",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.1.1-8.el7_5.1",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -136,16 +113,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3514"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-4463",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-4463"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845"
- },
{
"url": "https://issues.apache.org/jira/browse/XERCESC-2069",
"refsource": "MISC",
@@ -162,44 +129,5 @@
"name": "https://www.debian.org/security/2016/dsa-3610"
}
]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
- "version": "2.0"
- },
- {
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 4.7,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "version": "3.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2016/4xxx/CVE-2016-4474.json b/2016/4xxx/CVE-2016-4474.json
index 67ecb271f29..fd57cce7143 100644
--- a/2016/4xxx/CVE-2016-4474.json
+++ b/2016/4xxx/CVE-2016-4474.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4474",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,22 +27,46 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2016:1223",
- "refsource": "REDHAT",
- "url": "https://rhn.redhat.com/errata/RHSA-2016-1223.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-1222.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-1222.html"
},
{
- "name": "RHSA-2016:1222",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-1222.html"
+ "url": "https://access.redhat.com/security/vulnerabilities/2359821",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/vulnerabilities/2359821"
},
{
- "name": "https://access.redhat.com/security/vulnerabilities/2359821",
- "refsource": "CONFIRM",
- "url": "https://access.redhat.com/security/vulnerabilities/2359821"
+ "url": "https://rhn.redhat.com/errata/RHSA-2016-1223.html",
+ "refsource": "MISC",
+ "name": "https://rhn.redhat.com/errata/RHSA-2016-1223.html"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4475.json b/2016/4xxx/CVE-2016-4475.json
index bcd79617439..fef66f8f462 100644
--- a/2016/4xxx/CVE-2016-4475.json
+++ b/2016/4xxx/CVE-2016-4475.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to."
+ "value": "The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Access Control",
- "cweId": "CWE-284"
+ "value": "n/a"
}
]
}
@@ -32,99 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Satellite 6.2 for RHEL 6",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:1.11.0.51-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.11.0.10-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.11.0.5-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.8.3.4-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.2.1-1.2.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.0.9-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.5-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.22.25-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.0.70-1.el6sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.el6sat",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Satellite 6.2 for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:1.11.0.51-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.11.0.10-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.11.0.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.8.3.4-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.2.1-1.2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.0.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.22.25-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.0.70-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.el7sat",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -157,46 +73,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2016:1615"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-4475",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-4475"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439"
- },
{
"url": "https://theforeman.org/security.html#2016-4475",
"refsource": "MISC",
"name": "https://theforeman.org/security.html#2016-4475"
}
]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.9,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
- "version": "2.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2016/4xxx/CVE-2016-4964.json b/2016/4xxx/CVE-2016-4964.json
index e2be274e365..404dc35a623 100644
--- a/2016/4xxx/CVE-2016-4964.json
+++ b/2016/4xxx/CVE-2016-4964.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4964",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,32 +27,56 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "[oss-security] 20160524 Re: CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/24/7"
+ "url": "https://security.gentoo.org/glsa/201609-01",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201609-01"
},
{
- "name": "[qemu-devel] 20160524 [PATCH] scsi: mptsas: infinite loop while fetching requests",
- "refsource": "MLIST",
- "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html"
+ "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=06630554ccbdd25780aa03c3548aaff1eb56dffd",
+ "refsource": "MISC",
+ "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=06630554ccbdd25780aa03c3548aaff1eb56dffd"
},
{
- "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=06630554ccbdd25780aa03c3548aaff1eb56dffd",
- "refsource": "CONFIRM",
- "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=06630554ccbdd25780aa03c3548aaff1eb56dffd"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/24/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/24/4"
},
{
- "name": "[oss-security] 20160524 CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/24/4"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/24/7",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/24/7"
},
{
- "name": "GLSA-201609-01",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201609-01"
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html"
}
]
}
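Review bot: The gitweb reference is re-added with its query separators percent-encoded, `?p=qemu.git%3Ba=commit%3Bh=…`, where the removed entry had literal `;`. An encoded `%3B` is data rather than a separator, so the server may see a single parameter `p` with a long value instead of `p`, `a` and `h`, and the link to the fixing commit may stop resolving; this is worth checking before merge. I would keep the original form in both `url` and `name`: `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=06630554ccbdd25780aa03c3548aaff1eb56dffd"`.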
diff --git a/2016/4xxx/CVE-2016-4973.json b/2016/4xxx/CVE-2016-4973.json
index bfb382e832d..e8b7303c934 100644
--- a/2016/4xxx/CVE-2016-4973.json
+++ b/2016/4xxx/CVE-2016-4973.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4973",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,22 +27,46 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759"
+ "url": "http://www.openwall.com/lists/oss-security/2016/08/17/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/08/17/6"
},
{
- "name": "92530",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/92530"
+ "url": "http://www.securityfocus.com/bid/92530",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/92530"
},
{
- "name": "[oss-security] 20160817 CVE-2016-4973 gcc: Targets using libssp for SSP are missing -D_FORTIFY_SOURCE functionality",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/08/17/6"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324759"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4974.json b/2016/4xxx/CVE-2016-4974.json
index 85a49afe6e7..632588ca597 100644
--- a/2016/4xxx/CVE-2016-4974.json
+++ b/2016/4xxx/CVE-2016-4974.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4974",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,42 +27,66 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "91537",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/91537"
- },
- {
- "name": "20160702 [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage",
- "refsource": "BUGTRAQ",
- "url": "http://www.securityfocus.com/archive/1/538813/100/0/threaded"
- },
- {
- "name": "https://issues.apache.org/jira/browse/QPIDJMS-188",
- "refsource": "CONFIRM",
- "url": "https://issues.apache.org/jira/browse/QPIDJMS-188"
- },
- {
- "name": "1036239",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1036239"
- },
- {
- "name": "http://qpid.apache.org/components/jms/security-0-x.html",
- "refsource": "CONFIRM",
- "url": "http://qpid.apache.org/components/jms/security-0-x.html"
- },
- {
- "name": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html",
+ "url": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html",
"refsource": "MISC",
- "url": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html"
+ "name": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html"
},
{
- "name": "http://qpid.apache.org/components/jms/security.html",
- "refsource": "CONFIRM",
- "url": "http://qpid.apache.org/components/jms/security.html"
+ "url": "http://qpid.apache.org/components/jms/security-0-x.html",
+ "refsource": "MISC",
+ "name": "http://qpid.apache.org/components/jms/security-0-x.html"
+ },
+ {
+ "url": "http://qpid.apache.org/components/jms/security.html",
+ "refsource": "MISC",
+ "name": "http://qpid.apache.org/components/jms/security.html"
+ },
+ {
+ "url": "http://www.securityfocus.com/archive/1/538813/100/0/threaded",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/538813/100/0/threaded"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/91537",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/91537"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1036239",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1036239"
+ },
+ {
+ "url": "https://issues.apache.org/jira/browse/QPIDJMS-188",
+ "refsource": "MISC",
+ "name": "https://issues.apache.org/jira/browse/QPIDJMS-188"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4983.json b/2016/4xxx/CVE-2016-4983.json
index 9f07b175e91..c6830d3e237 100644
--- a/2016/4xxx/CVE-2016-4983.json
+++ b/2016/4xxx/CVE-2016-4983.json
@@ -1,12 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4983",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -39,40 +39,15 @@
"version": {
"version_data": [
{
+ "version_affected": "=",
"version_value": "dovecot22-2.2.25-3.1"
- }
- ]
- }
- }
- ]
- }
- },
- {
- "vendor_name": "Fedora",
- "product": {
- "product_data": [
- {
- "product_name": "dovecot22",
- "version": {
- "version_data": [
+ },
{
+ "version_affected": "=",
"version_value": "dovecot22-2.2.18-9.1"
- }
- ]
- }
- }
- ]
- }
- },
- {
- "vendor_name": "Fedora",
- "product": {
- "product_data": [
- {
- "product_name": "dovecot22",
- "version": {
- "version_data": [
+ },
{
+ "version_affected": "=",
"version_value": "dovecot22-2.2.13-3.7.1"
}
]
@@ -87,19 +62,19 @@
"references": {
"reference_data": [
{
+ "url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html",
"refsource": "MISC",
- "name": "https://bugzilla.suse.com/show_bug.cgi?id=984639",
- "url": "https://bugzilla.suse.com/show_bug.cgi?id=984639"
+ "name": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html"
},
{
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=984639",
"refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055"
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=984639"
},
{
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055",
"refsource": "MISC",
- "name": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html",
- "url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346055"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4984.json b/2016/4xxx/CVE-2016-4984.json
index c073edb403f..5ea9c027d4f 100644
--- a/2016/4xxx/CVE-2016-4984.json
+++ b/2016/4xxx/CVE-2016-4984.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4984",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,12 +27,36 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4985.json b/2016/4xxx/CVE-2016-4985.json
index 226cdbdc7ff..89e6cb92bff 100644
--- a/2016/4xxx/CVE-2016-4985.json
+++ b/2016/4xxx/CVE-2016-4985.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses."
+ "value": "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."
}
]
},
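Review bot: The replacement description says only "sensitive information about a registered node" and drops two facts from the removed text that matter to operators: the request bypasses OpenStack Identity authentication, and the response included management passwords even when `/etc/ironic/policy.json` was configured to hide passwords. Someone assessing exposure from this record alone could wrongly conclude that the policy setting was a sufficient control. I would append a clause to the new `value`, such as `, including management passwords, regardless of the password-hiding setting in /etc/ironic/policy.json`.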
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Authentication Bypass by Spoofing",
- "cweId": "CWE-290"
+ "value": "n/a"
}
]
}
@@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:2015.1.2-4.el7ost",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
- "version": {
- "version_data": [
- {
- "version_value": "1:4.2.5-1.el7ost",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -80,21 +68,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1378"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-4985",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-4985"
- },
{
"url": "https://bugs.launchpad.net/ironic/+bug/1572796",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ironic/+bug/1572796"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193"
- },
{
"url": "https://review.openstack.org/332195",
"refsource": "MISC",
@@ -111,50 +89,5 @@
"name": "https://review.openstack.org/332197"
}
]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
- "version": "2.0"
- },
- {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 5.9,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "version": "3.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2016/4xxx/CVE-2016-4993.json b/2016/4xxx/CVE-2016-4993.json
index 2940d2ded81..db40ba66e50 100644
--- a/2016/4xxx/CVE-2016-4993.json
+++ b/2016/4xxx/CVE-2016-4993.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4993",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,62 +27,86 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2016:1841",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
},
{
- "name": "92894",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/92894"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
},
{
- "name": "RHSA-2017:3458",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3458"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
},
{
- "name": "1036758",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1036758"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
},
{
- "name": "RHSA-2016:1838",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
+ "url": "http://www.securityfocus.com/bid/92894",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/92894"
},
{
- "name": "RHSA-2017:3455",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3455"
+ "url": "http://www.securitytracker.com/id/1036758",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1036758"
},
{
- "name": "RHSA-2017:3456",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3456"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3454",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3455",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
- "name": "RHSA-2017:3454",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3454"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3456",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
- "name": "RHSA-2016:1839",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3458",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
- "name": "RHSA-2016:1840",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321"
}
]
}
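Review bot: Every entry in `reference_data` is rewritten to `"refsource": "MISC"` with the URL copied into `name`, so the advisory identifiers on the old side (`RHSA-2016:1841`, BID `92894`, SECTRACK `1036758`) and the `CONFIRM` marking on the Red Hat Bugzilla entry are no longer in the record. Consumers that match on advisory ID or prefer vendor-confirmed references now have to parse them out of the URL. Where the source type is known, keep it, for example `"refsource": "REDHAT"` with `"name": "RHSA-2016:1841"`. The same flattening is in the reference hunks of CVE-2016-9589, CVE-2016-9596, CVE-2016-9598, CVE-2016-9846, CVE-2016-9908, CVE-2017-15108, CVE-2017-15114 and CVE-2017-15115; in CVE-2016-9846, CVE-2016-9908 and CVE-2017-15108 it also drops the mailing-list subject lines.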
diff --git a/2016/4xxx/CVE-2016-4994.json b/2016/4xxx/CVE-2016-4994.json
index 23818caec7e..2eafc3d7415 100644
--- a/2016/4xxx/CVE-2016-4994.json
+++ b/2016/4xxx/CVE-2016-4994.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash."
+ "value": "Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Use After Free",
- "cweId": "CWE-416"
+ "value": "n/a"
}
]
}
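Review bot: `problemtype` is reset to `"value": "n/a"` and `cweId` is dropped, although the description this commit writes for the same record still says "Use-after-free vulnerability", so the weakness class is known. Keeping `"value": "Use After Free"` with `"cweId": "CWE-416"` preserves CWE-based filtering and metrics for this record. CVE-2016-9588 loses `CWE-248` the same way in its `@@ -21,8 +21,7 @@` hunk.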
@@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "2:2.8.16-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.8.2-1.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
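Review bot: The new `version_data` entry pairs `"version_affected": "="` with `"version_value": "n/a"`, which read literally says the affected version equals the string "n/a". It also replaces the `Red Hat Enterprise Linux 7` entries that recorded the fixed package builds under `"version_affected": "!"`. A consumer that evaluates the comparator will either never match or treat the placeholder as a real version. If no version is known, a comparator that says so, such as `"version_affected": "?"` (assuming the schema in use accepts it), is safer than `=`. The same placeholder pair is added in CVE-2016-4993, CVE-2016-9588, CVE-2016-9596, CVE-2016-9598, CVE-2016-9846, CVE-2016-9908 and CVE-2017-15114.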
@@ -93,70 +88,16 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3025-1"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:2589",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:2589"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-4994",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-4994"
- },
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=767873",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=767873"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348617",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348617"
- },
{
"url": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f"
}
]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 2.6,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
- "version": "2.0"
- },
- {
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 2.5,
- "baseSeverity": "LOW",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
- "version": "3.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2016/9xxx/CVE-2016-9588.json b/2016/9xxx/CVE-2016-9588.json
index e8555c42220..00659ad352c 100644
--- a/2016/9xxx/CVE-2016-9588.json
+++ b/2016/9xxx/CVE-2016-9588.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest."
+ "value": "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Uncaught Exception",
- "cweId": "CWE-248"
+ "value": "n/a"
}
]
}
@@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-693.rt56.617.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-693.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -88,16 +83,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94933"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-9588",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-9588"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
- },
{
"url": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388",
"refsource": "MISC",
@@ -112,45 +97,11 @@
"url": "https://usn.ubuntu.com/3822-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3822-2/"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "LOW",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 3.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
- "version": "2.0"
},
{
- "attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 3.5,
- "baseSeverity": "LOW",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
}
]
}
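Review bot: The `impact` object with both CVSS vectors (`AV:A/AC:L/Au:N/C:N/I:N/A:P`, base 3.3, and `CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L`, base 3.5) is removed here and nothing on the new side replaces it, leaving the record without a severity score. Tooling that prioritises on the score carried in the record will see this CVE as unscored. If dropping the Red Hat-supplied data is intentional, keep at least the v3.0 entry, or state in the commit message where the score now lives. The same removal is in the last hunks of CVE-2016-4985 and CVE-2016-4994, and the CVE-2017-15116 hunk that runs past the end of this view begins one.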
diff --git a/2016/9xxx/CVE-2016-9589.json b/2016/9xxx/CVE-2016-9589.json
index b2e1004e998..d8e96c1b033 100644
--- a/2016/9xxx/CVE-2016-9589.json
+++ b/2016/9xxx/CVE-2016-9589.json
@@ -1,36 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2017-03-22T00:00:00",
"ID": "CVE-2016-9589",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "wildfly",
- "version": {
- "version_data": [
- {
- "version_value": "11.0.0.Beta1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
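Review bot: `"DATE_PUBLIC": "2017-03-22T00:00:00"` is dropped from `CVE_data_meta`, while the rest of this hunk only reorders keys and moves `affects` further down, so the disclosure date is lost as a side effect. If the target format still accepts the field, keep the line `"DATE_PUBLIC": "2017-03-22T00:00:00",` next to `ID`. CVE-2017-15108 drops its `2017-11-29T00:00:00` value in the same way.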
@@ -45,78 +21,103 @@
"description": [
{
"lang": "eng",
- "value": "CWE-400"
+ "value": "CWE-400",
+ "cweId": "CWE-400"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wildfly",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0.Beta1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2017:0831",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3454",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
- "name": "RHSA-2017:0876",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3455",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
- "name": "RHSA-2017:0834",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3456",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3458",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
- "name": "RHSA-2017:3458",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3458"
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0830.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2017-0830.html"
},
{
- "name": "RHSA-2017:0832",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
},
{
- "name": "97060",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/97060"
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
},
{
- "name": "RHSA-2017:3455",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3455"
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
},
{
- "name": "RHSA-2017:3456",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3456"
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
},
{
- "name": "RHSA-2017:0873",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:0873"
+ "url": "http://www.securityfocus.com/bid/97060",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/97060"
},
{
- "name": "RHSA-2017:3454",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3454"
+ "url": "https://access.redhat.com/errata/RHSA-2017:0872",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:0872"
},
{
- "name": "RHSA-2017:0830",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2017-0830.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:0873",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:0873"
},
{
- "name": "RHSA-2017:0872",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:0872"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782"
}
]
}
diff --git a/2016/9xxx/CVE-2016-9596.json b/2016/9xxx/CVE-2016-9596.json
index 349cfe68fb3..eed7cc283f6 100644
--- a/2016/9xxx/CVE-2016-9596.json
+++ b/2016/9xxx/CVE-2016-9596.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9596",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627."
+ "value": "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627."
}
]
},
@@ -50,12 +27,36 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302"
}
]
}
diff --git a/2016/9xxx/CVE-2016-9598.json b/2016/9xxx/CVE-2016-9598.json
index 916a7bcbaed..0ddd2bee456 100644
--- a/2016/9xxx/CVE-2016-9598.json
+++ b/2016/9xxx/CVE-2016-9598.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9598",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,17 +27,41 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306"
+ "url": "https://access.redhat.com/errata/RHSA-2018:2486",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
- "name": "RHSA-2018:2486",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:2486"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306"
}
]
}
diff --git a/2016/9xxx/CVE-2016-9846.json b/2016/9xxx/CVE-2016-9846.json
index 9af4cb8449d..8e113d2e532 100644
--- a/2016/9xxx/CVE-2016-9846.json
+++ b/2016/9xxx/CVE-2016-9846.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9846",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,32 +27,56 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "[oss-security] 20161205 Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/12/05/23"
+ "url": "https://security.gentoo.org/glsa/201701-49",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201701-49"
},
{
- "name": "[oss-security] 20161205 CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/12/05/18"
+ "url": "http://www.openwall.com/lists/oss-security/2016/12/05/18",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/12/05/18"
},
{
- "name": "GLSA-201701-49",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201701-49"
+ "url": "http://www.openwall.com/lists/oss-security/2016/12/05/23",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/12/05/23"
},
{
- "name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix memory leak in update_cursor_data_virgl",
- "refsource": "MLIST",
- "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html"
+ "url": "http://www.securityfocus.com/bid/94765",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/94765"
},
{
- "name": "94765",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/94765"
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html"
}
]
}
diff --git a/2016/9xxx/CVE-2016-9908.json b/2016/9xxx/CVE-2016-9908.json
index 0a39190ab1c..1f79533f48a 100644
--- a/2016/9xxx/CVE-2016-9908.json
+++ b/2016/9xxx/CVE-2016-9908.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9908",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,22 +27,46 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/12/08/4"
+ "url": "https://security.gentoo.org/glsa/201701-49",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201701-49"
},
{
- "name": "GLSA-201701-49",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201701-49"
+ "url": "http://www.openwall.com/lists/oss-security/2016/12/08/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/12/08/4"
},
{
- "name": "94761",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/94761"
+ "url": "http://www.securityfocus.com/bid/94761",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/94761"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15108.json b/2017/15xxx/CVE-2017-15108.json
index 35fd89e6433..72c4726c6c8 100644
--- a/2017/15xxx/CVE-2017-15108.json
+++ b/2017/15xxx/CVE-2017-15108.json
@@ -1,36 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2017-11-29T00:00:00",
"ID": "CVE-2017-15108",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "spice-vdagent",
- "version": {
- "version_data": [
- {
- "version_value": "up to and including 0.17.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -45,28 +21,53 @@
"description": [
{
"lang": "eng",
- "value": "CWE-78"
+ "value": "CWE-78",
+ "cweId": "CWE-78"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "spice-vdagent",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "up to and including 0.17.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "GLSA-201804-09",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201804-09"
+ "url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61",
+ "refsource": "MISC",
+ "name": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
},
{
- "name": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61",
- "refsource": "CONFIRM",
- "url": "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61"
+ "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
- "refsource": "MLIST",
- "name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
- "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
+ "url": "https://security.gentoo.org/glsa/201804-09",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201804-09"
}
]
}
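Review bot: `"version_affected": "="` is attached to the free-text value `"up to and including 0.17.0"`, so the comparator contradicts the range the string describes and a machine reader cannot match any real version against it. Express the bound in the fields instead: `"version_affected": "<="` with `"version_value": "0.17.0"`. CVE-2017-15115 has the same problem with `"Linux kernel before 4.14-rc6"` (which would be `"<"` and `"4.14-rc6"`), and CVE-2017-15116 puts the product name `"Linux kernel"` in `version_value`.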
diff --git a/2017/15xxx/CVE-2017-15114.json b/2017/15xxx/CVE-2017-15114.json
index ea02b6bcfbe..5192dec7717 100644
--- a/2017/15xxx/CVE-2017-15114.json
+++ b/2017/15xxx/CVE-2017-15114.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15114",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,17 +27,41 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31",
- "refsource": "CONFIRM",
- "url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31"
+ "url": "http://www.securityfocus.com/bid/101971",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/101971"
},
{
- "name": "101971",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/101971"
+ "url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31",
+ "refsource": "MISC",
+ "name": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15115.json b/2017/15xxx/CVE-2017-15115.json
index ad1f3711472..ffe661a60d7 100644
--- a/2017/15xxx/CVE-2017-15115.json
+++ b/2017/15xxx/CVE-2017-15115.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15115",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Linux kernel before 4.14-rc6",
- "version": {
- "version_data": [
- {
- "version_value": "Linux kernel before 4.14-rc6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -50,87 +27,111 @@
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux kernel before 4.14-rc6",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Linux kernel before 4.14-rc6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345"
+ "url": "https://usn.ubuntu.com/3583-1/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3583-1/"
},
{
- "name": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
+ "url": "https://usn.ubuntu.com/3583-2/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3583-2/"
},
{
- "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
},
{
- "name": "USN-3583-2",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3583-2/"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
- "name": "SUSE-SU-2018:0011",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
+ "url": "http://seclists.org/oss-sec/2017/q4/282",
+ "refsource": "MISC",
+ "name": "http://seclists.org/oss-sec/2017/q4/282"
},
{
- "name": "https://patchwork.ozlabs.org/patch/827077/",
- "refsource": "CONFIRM",
- "url": "https://patchwork.ozlabs.org/patch/827077/"
+ "url": "http://www.securityfocus.com/bid/101877",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/101877"
},
{
- "name": "USN-3582-1",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3582-1/"
+ "url": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
},
{
- "name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
- "refsource": "CONFIRM",
- "url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
+ "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
- "name": "USN-3583-1",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3583-1/"
+ "url": "https://patchwork.ozlabs.org/patch/827077/",
+ "refsource": "MISC",
+ "name": "https://patchwork.ozlabs.org/patch/827077/"
},
{
- "name": "101877",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/101877"
+ "url": "https://source.android.com/security/bulletin/pixel/2018-04-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2018-04-01"
},
{
- "name": "USN-3581-1",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3581-1/"
+ "url": "https://usn.ubuntu.com/3581-1/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3581-1/"
},
{
- "name": "USN-3581-3",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3581-3/"
+ "url": "https://usn.ubuntu.com/3581-2/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3581-2/"
},
{
- "name": "USN-3581-2",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3581-2/"
+ "url": "https://usn.ubuntu.com/3581-3/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3581-3/"
},
{
- "name": "http://seclists.org/oss-sec/2017/q4/282",
- "refsource": "CONFIRM",
- "url": "http://seclists.org/oss-sec/2017/q4/282"
+ "url": "https://usn.ubuntu.com/3582-1/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3582-1/"
},
{
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74"
+ "url": "https://usn.ubuntu.com/3582-2/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3582-2/"
},
{
- "name": "USN-3582-2",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3582-2/"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1513345"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15116.json b/2017/15xxx/CVE-2017-15116.json
index 88c85333f75..fb22d70b6f5 100644
--- a/2017/15xxx/CVE-2017-15116.json
+++ b/2017/15xxx/CVE-2017-15116.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system."
+ "value": "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "null pointer dereference"
}
]
}
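Review bot: The new `problemtype` entry has no `cweId` and holds free text (`"null pointer dereference"`), so anything that filters or groups records by CWE will no longer classify this CVE. The removed CWE-119 was only a broad fit, but the description rewritten in the previous hunk names a NULL pointer dereference, which corresponds to CWE-476. I would keep the structured field: `"value": "NULL Pointer Dereference",` followed by `"cweId": "CWE-476"`. The enclosing `problemtype` object starts and ends outside this hunk.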
@@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "Linux kernel",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-862.rt56.804.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-862.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Linux kernel"
}
]
}
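Review bot: `version_affected` is `"="` while `version_value` repeats the product name (`"Linux kernel"`), so the record carries no machine-matchable version even though the new description says the flaw is in kernels before 4.2. A scanner comparing installed versions against this entry can neither match nor exclude anything. Suggest `"version_affected": "<",` with `"version_value": "4.2"`. The same shape, a range written as prose under `"="`, appears in the affects hunks for CVE-2017-15121 (`"6, 7"`), CVE-2017-15124 (`"2.11.0 and older"`), CVE-2017-15126, CVE-2017-15127 and CVE-2017-15128.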
@@ -73,49 +68,20 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15116",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15116"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
- },
{
"url": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by ChunYu Wang (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
+ },
{
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 3.3,
- "baseSeverity": "LOW",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
}
]
}
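Review bot: The record ends up with no severity data, because the `impact.cvss` object (CVSS 3.0 base score 3.3, `CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L`) and the `credits` entry are deleted here and nothing on the new side replaces them. If the assigner's score is still considered valid, keep the `impact` block as it was; if it was withdrawn on purpose, the commit message should say so. The same removal occurs in the last hunks of CVE-2017-15121, CVE-2017-15124 (both the 2.0 and 3.0 vectors), CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15131 and CVE-2017-15135.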
diff --git a/2017/15xxx/CVE-2017-15121.json b/2017/15xxx/CVE-2017-15121.json
index cc81826c1d6..db0a38fcd04 100644
--- a/2017/15xxx/CVE-2017-15121.json
+++ b/2017/15xxx/CVE-2017-15121.json
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Input Validation",
+ "value": "CWE-20",
"cweId": "CWE-20"
}
]
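Review bot: `value` now just repeats the identifier already held in `cweId` (`"CWE-20"`), which drops the readable weakness name the old side had. Readers of the rendered record see only a number, and tooling gains nothing because `cweId` was already present. I would keep `"value": "Improper Input Validation",` next to the unchanged `cweId`. The same substitution is made in the problemtype hunks for CVE-2017-15124, CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15135 and CVE-2017-15137.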
@@ -32,31 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "Red Hat Enterprise Linux",
"version": {
"version_data": [
{
- "version_value": "0:2.6.32-754.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-862.rt56.804.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-862.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "6, 7"
}
]
}
@@ -90,43 +75,14 @@
"name": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
- "url": "https://access.redhat.com/security/cve/CVE-2017-15121",
+ "url": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&%3Butm_medium=RSS",
"refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15121"
+ "name": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&%3Butm_medium=RSS"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893"
- },
- {
- "url": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&%3Butm_medium=RSS",
- "refsource": "MISC",
- "name": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&%3Butm_medium=RSS"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Miklos Szeredi (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 5.5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15123.json b/2017/15xxx/CVE-2017-15123.json
index 667e29eeb58..ff8003617a2 100644
--- a/2017/15xxx/CVE-2017-15123.json
+++ b/2017/15xxx/CVE-2017-15123.json
@@ -1,12 +1,33 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15123",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
"affects": {
"vendor": {
"vendor_data": [
@@ -19,6 +40,7 @@
"version": {
"version_data": [
{
+ "version_affected": "=",
"version_value": "5.8 - 5.10"
}
]
@@ -30,53 +52,41 @@
]
}
},
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-306"
- }
- ]
- }
- ]
- },
"references": {
"reference_data": [
{
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
- "refsource": "CONFIRM"
- },
- {
- "refsource": "BID",
- "name": "108690",
- "url": "http://www.securityfocus.com/bid/108690"
- },
- {
+ "url": "http://www.securityfocus.com/bid/108690",
"refsource": "MISC",
- "name": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/",
- "url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
- }
- ]
- },
- "description": {
- "description_data": [
+ "name": "http://www.securityfocus.com/bid/108690"
+ },
{
- "lang": "eng",
- "value": "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines."
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123"
+ },
+ {
+ "url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/",
+ "refsource": "MISC",
+ "name": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
]
},
"impact": {
"cvss": [
- [
- {
- "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "version": "3.0"
- }
- ]
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
]
}
}
\ No newline at end of file
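Review bot: All three references now carry `"refsource": "MISC"`, so the vendor's own Bugzilla entry (previously `CONFIRM`) can no longer be told apart from the third-party write-up listed after it, and the SecurityFocus entry loses its short identifier `108690` as `name`. Triage that weights vendor-confirmed references above others has to fall back to parsing URLs. Consider keeping `"refsource": "CONFIRM"` on the bugzilla.redhat.com entry and `"refsource": "BID"` with `"name": "108690"` on the SecurityFocus one. The same flattening is in the references hunk of CVE-2017-15136.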
diff --git a/2017/15xxx/CVE-2017-15124.json b/2017/15xxx/CVE-2017-15124.json
index c508f42da2b..cd76c7448f8 100644
--- a/2017/15xxx/CVE-2017-15124.json
+++ b/2017/15xxx/CVE-2017-15124.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
+ "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Allocation of Resources Without Limits or Throttling",
+ "value": "CWE-770",
"cweId": "CWE-770"
}
]
@@ -32,86 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "QEMU",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "Qemu",
"version": {
"version_data": [
{
- "version_value": "10:1.5.3-156.el7",
- "version_affected": "!"
- },
- {
- "version_value": "10:2.12.0-18.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.10.0-21.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.10.0-21.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 12.0 (Pike)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.10.0-21.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.10.0-21.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.10.0-21.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.10.0-21.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "2.11.0 and older"
}
]
}
@@ -149,16 +79,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3062"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15124",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15124"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
- },
{
"url": "https://usn.ubuntu.com/3575-1/",
"refsource": "MISC",
@@ -168,51 +88,11 @@
"url": "https://www.debian.org/security/2018/dsa-4213",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4213"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Daniel Berrange (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 2.1,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
- "version": "2.0"
},
{
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 3.5,
- "baseSeverity": "LOW",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15126.json b/2017/15xxx/CVE-2017-15126.json
index 385f22acc0b..e157b315189 100644
--- a/2017/15xxx/CVE-2017-15126.json
+++ b/2017/15xxx/CVE-2017-15126.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events."
+ "value": "A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put()."
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
+ "value": "CWE-119",
"cweId": "CWE-119"
}
]
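Review bot: The problem type stays at CWE-119 although the description rewritten in the previous hunk now calls the flaw a use-after-free in `fs/userfaultfd.c`. CWE-119 is the generic memory-bounds class; CWE-416 (Use After Free) matches the stated root cause and is what weakness-based filters would look for. If the assigner agrees with that reading, suggest `"value": "Use After Free",` and `"cweId": "CWE-416"`. The enclosing `problemtype` object starts and ends outside this hunk.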
@@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "Linux Kernel before 4.13.6",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-862.rt56.804.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-862.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Linux Kernel before 4.13.6"
}
]
}
@@ -83,11 +79,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15126"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481"
- },
{
"url": "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252",
"refsource": "MISC",
@@ -97,30 +88,11 @@
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Andrea Arcangeli (Red Hat Engineering)."
- }
- ],
- "impact": {
- "cvss": [
+ },
{
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 7,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15127.json b/2017/15xxx/CVE-2017-15127.json
index b97535be647..e61f93a8fa8 100644
--- a/2017/15xxx/CVE-2017-15127.json
+++ b/2017/15xxx/CVE-2017-15127.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A flaw was found in the Linux kernel when freeing pages in hugetlbfs. This could trigger a local denial of service by crashing the kernel."
+ "value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)."
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Cleanup on Thrown Exception",
+ "value": "CWE-460",
"cweId": "CWE-460"
}
]
@@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "Linux kernel before 4.13",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-862.rt56.804.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-862.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Linux kernel before 4.13"
}
]
}
@@ -83,33 +79,15 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15127"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
- },
{
"url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995"
- }
- ]
- },
- "impact": {
- "cvss": [
+ },
{
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 4.7,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15128.json b/2017/15xxx/CVE-2017-15128.json
index 91b44a96be4..2d17c1af262 100644
--- a/2017/15xxx/CVE-2017-15128.json
+++ b/2017/15xxx/CVE-2017-15128.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15128",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Linux kernel before 4.13.12",
- "version": {
- "version_data": [
- {
- "version_value": "Linux kernel before 4.13.12"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -44,38 +21,63 @@
"description": [
{
"lang": "eng",
- "value": "CWE-119"
+ "value": "CWE-119",
+ "cweId": "CWE-119"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux kernel before 4.13.12",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Linux kernel before 4.13.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12",
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df",
"refsource": "MISC",
- "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
- "name": "https://access.redhat.com/security/cve/CVE-2017-15128",
+ "url": "https://access.redhat.com/security/cve/CVE-2017-15128",
"refsource": "MISC",
- "url": "https://access.redhat.com/security/cve/CVE-2017-15128"
+ "name": "https://access.redhat.com/security/cve/CVE-2017-15128"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222",
+ "url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df",
"refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
+ "name": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
- "name": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df",
+ "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12",
"refsource": "MISC",
- "url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
+ "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
},
{
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222",
"refsource": "MISC",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15129.json b/2017/15xxx/CVE-2017-15129.json
index 3cfe8729920..70dc54125a8 100644
--- a/2017/15xxx/CVE-2017-15129.json
+++ b/2017/15xxx/CVE-2017-15129.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
+ "value": "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
+ "value": "CWE-362",
"cweId": "CWE-362"
}
]
@@ -32,35 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "Linux kernel v4.0-rc1 through v4.15-rc5",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-862.rt56.804.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.14.0-49.el7a",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-862.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-693.55.1.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Linux kernel v4.0-rc1 through v4.15-rc5"
}
]
}
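Review bot: The affected range given here (`"Linux kernel v4.0-rc1 through v4.15-rc5"`) reads as inconsistent with the description rewritten in the first hunk of this file, which says "before 4.14.11". A consumer cannot tell from the record which bound applies to kernels between those two points. The range is also written as prose in both `product_name` and `version_value` under `"version_affected": "="`. I would set `"product_name": "Linux kernel"` and put the bound the assigner considers correct in `version_value` with a matching operator such as `"<"`.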
@@ -113,11 +94,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15129"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
- },
{
"url": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0",
"refsource": "MISC",
@@ -167,30 +143,11 @@
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Kirill Tkhai for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
+ },
{
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15131.json b/2017/15xxx/CVE-2017-15131.json
index d4e90658020..3cce9c429ca 100644
--- a/2017/15xxx/CVE-2017-15131.json
+++ b/2017/15xxx/CVE-2017-15131.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users."
+ "value": "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "Incorrect Privilege Assignment",
- "cweId": "CWE-266"
+ "value": "CWE-284",
+ "cweId": "CWE-284"
}
]
}
@@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "RHEL shipped xdg-user-dirs and gnome-session",
"version": {
"version_data": [
{
- "version_value": "0:0.15-5.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "before 0.15-5"
}
]
}
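Review bot: `version_value` says `"before 0.15-5"` while the description rewritten in the first hunk of this file says "xdg-user-dirs before 0.15.5". The removed entry was the package build `0:0.15-5.el7`, so the dotted form in the description looks like a typo for a version-release pair; that is an inference from the removed line. The two fields should name the same fixed build, and `"version_affected": "="` should become `"<"` with the bare version in `version_value`. The new description also drops the old sentence about files being exposed to other local users, which was the only statement of impact now that `impact.cvss` is removed further down.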
@@ -59,44 +59,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0842"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15131",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15131"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762"
},
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455094",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1455094"
- },
{
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
]
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "NONE",
- "baseScore": 3.3,
- "baseSeverity": "LOW",
- "confidentialityImpact": "LOW",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
- "version": "3.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15135.json b/2017/15xxx/CVE-2017-15135.json
index e6a5eb2d508..6954f76ec1d 100644
--- a/2017/15xxx/CVE-2017-15135.json
+++ b/2017/15xxx/CVE-2017-15135.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
+ "value": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Authentication",
+ "value": "CWE-287",
"cweId": "CWE-287"
}
]
@@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "389-ds-base",
"version": {
"version_data": [
{
- "version_value": "0:1.2.11.15-94.el6_9",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:1.3.6.1-28.el7_4",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "since 1.3.6.1 up to and including 1.4.0.3"
}
]
}
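Review bot: The single range `"since 1.3.6.1 up to and including 1.4.0.3"` is narrower than what the removed entries covered: the old side listed a fixed Red Hat Enterprise Linux 6 build in the 1.2.11 line (`0:1.2.11.15-94.el6_9`), which lies below 1.3.6.1. If that branch was in fact patched for this issue, deployments on it would now read as unaffected. That is an inference from the removed lines and should be confirmed against the advisories still referenced. The range is also prose under `"version_affected": "="` and cannot be compared mechanically; two entries, `">="` with `1.3.6.1` and `"<="` with `1.4.0.3`, would encode the same bounds.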
@@ -85,40 +74,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0515"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15135",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15135"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
}
]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Martin Poole (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 4.6,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
- "version": "3.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15136.json b/2017/15xxx/CVE-2017-15136.json
index 7e8d3f8bdcf..8772583984a 100644
--- a/2017/15xxx/CVE-2017-15136.json
+++ b/2017/15xxx/CVE-2017-15136.json
@@ -1,36 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2018-01-30T00:00:00",
"ID": "CVE-2017-15136",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Satellite 6",
- "version": {
- "version_data": [
- {
- "version_value": "6.3.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
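Review bot: `DATE_PUBLIC` (`2018-01-30T00:00:00`) is dropped from `CVE_data_meta` and does not reappear on the new side of this hunk. That field is the record's only disclosure date, which incident timelines and exposure-window calculations rely on. Unless the date was wrong, keep `"DATE_PUBLIC": "2018-01-30T00:00:00",` alongside `ID` and `ASSIGNER`. The hunk ends inside the `description` object, so the rest of the record is not visible from here.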
@@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
- "value": "CWE-20"
+ "value": "CWE-20",
+ "cweId": "CWE-20"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Satellite 6",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "6.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "103210",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/103210"
+ "url": "http://www.securityfocus.com/bid/103210",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/103210"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1540343"
}
]
}
diff --git a/2017/15xxx/CVE-2017-15137.json b/2017/15xxx/CVE-2017-15137.json
index 9252be7c210..0daf1425720 100644
--- a/2017/15xxx/CVE-2017-15137.json
+++ b/2017/15xxx/CVE-2017-15137.json
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Improper Input Validation",
+ "value": "CWE-20",
"cweId": "CWE-20"
}
]
@@ -32,1336 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
- "product_name": "Red Hat OpenShift Container Platform 3.9",
+ "product_name": "atomic-openshift",
"version": {
"version_data": [
{
- "version_value": "0:0.1.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.0-8.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.16-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.15-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.5-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.9.14-1.git.0.4efa2ca.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.9.14-1.git.349.1018739.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.9.14-1.git.229.04c20c2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:160-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.2-5.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.9.10-1.git8723732.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.alpha.0.git653cc8c.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.3-12.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.5.0-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.4-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.4.01_redhat_1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.12.42-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1-2.git885c9f40.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0-2.gitceca8c1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.14.0-1.git30af4d0.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.15.2-2.git98bc649.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.0-1.git85f23d8.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0-2.git85ceabc.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:183.0.0-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.8.1-5.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.2-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.7.1-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.2-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.89.4.1519670652-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.651.2-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.9.1519779801-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.9-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.0.4-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.13-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.11-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.6-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.13-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.4-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.3.0-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.5-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.27.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.85-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.5-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.7-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.1-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.3-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.7.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.20-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.9.0-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.10-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.59-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.2.9-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.6-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.12-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.47-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.24-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.7-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.4-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.6-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.8-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.1-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.29-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.15-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.6-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.7.2-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.13-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.30-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.8-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.11-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.10-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.14-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.9-10.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.6.4-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.7.5-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.10-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.23.13-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.7-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.7.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.7-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.3-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.4-5.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.3-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.3-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.11-4.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.4-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.10.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.14.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.8.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.1-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.10.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.8.1-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.7-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.6-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.5-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.3-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.7.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.7.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.14-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.13.3-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-rc3.1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.15-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.1.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.5-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.13-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.8.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.2-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.1-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.0-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.8.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.7-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.14.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.3-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.11.2-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.13-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4-6.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.1-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.12.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.3-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.3-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.0.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.0-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.4-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.23.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.11-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.6.1-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.7-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.4-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.13-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.8.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.0.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.2-5.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:7-5.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.1-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.2-4.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.2-4.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-4.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2.0-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.1.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.8-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.2.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.4-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.61.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.6-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.3-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.4-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.13.0-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.10.0-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.9-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.33-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.10.31-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.4-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.1-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.6-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.6.9-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.3-3.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.2-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.1-4.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.0.0-4.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.0-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.24.0-1.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.9.14-1.git.0.ca2cfc3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.4.21__redhat_1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.8.0-1.git.216.b6b90bb.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1-2.git5bd9251.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-8.git78d6339.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.0-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.5.1-8.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.08-20.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.14-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.34.0-5.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.57-5.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2016.9.26-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.1-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.6.1-16.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.2-1.3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.3-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.0-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.0-2.1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.71c-2.el7aos",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2.1-20180102gitd701bf9.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.1-9.2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.0-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "1:0.5.0-8.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.1-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.6.5-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.32-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.7-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.0-7.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.4.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.9-5.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.15.23-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:17.1.1-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.5.2.2-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.21.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "1:4.2.10-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.22.4-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.20170404-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.60.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.13.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.9.23-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.1-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.13.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.6-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.5-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.9-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.13-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.8-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.0-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.5-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2016.0521-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.10.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.2-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.13.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.0-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.3-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.5-5.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.0-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.4-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.5-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.6-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.5-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2018.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.4-5.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.7.5-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.5-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-24.rc4.dev.gitc6e4a1e.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.1-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.4.10_redhat_1-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.06-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.1-15.el7",
- "version_affected": "!"
- },
- {
- "version_value": "1:3.14.5.10-25.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
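Review bot: `"version_affected": "="` paired with `"version_value": "n/a"` states an exact match against a placeholder, which a version matcher is likely to read as matching nothing or as unparseable. The removed list of fixed builds (`"version_affected": "!"`) was the only version data in this record. `"vendor_name": "[UNKNOWN]"` likewise replaces `Red Hat`, although the product is `atomic-openshift` and the remaining references point to access.redhat.com. Scanners keyed on vendor, product and version may stop associating this CVE with affected installs. It is worth confirming the placeholders are intended and that the fixed versions remain discoverable through the RHBA-2018:0489 reference. The CVE-2017-2583 `affects` hunk uses the same `=`/`n/a` pair with `n/a` vendor and product.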
@@ -1379,16 +59,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2018:0489"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15137",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15137"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566191",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1566191"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137",
"refsource": "MISC",
@@ -1396,12 +66,6 @@
}
]
},
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Ben Parees (Red Hat)."
- }
- ],
"impact": {
"cvss": [
{
diff --git a/2017/2xxx/CVE-2017-2582.json b/2017/2xxx/CVE-2017-2582.json
index e10b74521a6..4644a0fdcd8 100644
--- a/2017/2xxx/CVE-2017-2582.json
+++ b/2017/2xxx/CVE-2017-2582.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2582",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "keycloak",
- "version": {
- "version_data": [
- {
- "version_value": "2.5.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -38,129 +15,162 @@
}
]
},
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "version": "3.0"
- }
- ]
- ]
- },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
- "value": "CWE-201"
+ "value": "CWE-201",
+ "cweId": "CWE-201"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2017:3220",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3220"
+ "url": "http://www.securityfocus.com/bid/101046",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/101046"
},
{
- "name": "RHSA-2017:3216",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3216"
+ "url": "http://www.securitytracker.com/id/1041707",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1041707"
},
{
- "name": "RHSA-2017:2809",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2809"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2808",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
- "name": "RHSA-2018:2740",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:2740"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2809",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
- "name": "RHSA-2017:3218",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3218"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2810",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
- "name": "RHSA-2017:2810",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2810"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2811",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
- "name": "RHSA-2018:2741",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:2741"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3216",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3216"
},
{
- "name": "RHSA-2018:2742",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:2742"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3217",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3217"
},
{
- "name": "RHSA-2017:2808",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2808"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3218",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3218"
},
{
- "name": "RHSA-2019:0137",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2019:0137"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3219",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3219"
},
{
- "name": "RHSA-2017:3219",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3219"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3220",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3220"
},
{
- "name": "RHSA-2019:0139",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2019:0139"
+ "url": "https://access.redhat.com/errata/RHSA-2018:2740",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:2740"
},
{
- "name": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237",
- "refsource": "CONFIRM",
- "url": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237"
+ "url": "https://access.redhat.com/errata/RHSA-2018:2741",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:2741"
},
{
- "name": "1041707",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1041707"
+ "url": "https://access.redhat.com/errata/RHSA-2018:2742",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:2742"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582"
+ "url": "https://access.redhat.com/errata/RHSA-2018:2743",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:2743"
},
{
- "name": "RHSA-2019:0136",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2019:0136"
+ "url": "https://access.redhat.com/errata/RHSA-2019:0136",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:0136"
},
{
- "name": "RHSA-2018:2743",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:2743"
+ "url": "https://access.redhat.com/errata/RHSA-2019:0137",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:0137"
},
{
- "name": "RHSA-2017:3217",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3217"
+ "url": "https://access.redhat.com/errata/RHSA-2019:0139",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:0139"
},
{
- "name": "RHSA-2017:2811",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2811"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582"
},
{
- "name": "101046",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/101046"
+ "url": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237",
+ "refsource": "MISC",
+ "name": "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2017/2xxx/CVE-2017-2583.json b/2017/2xxx/CVE-2017-2583.json
index d9dd00f6cd1..68c27c48284 100644
--- a/2017/2xxx/CVE-2017-2583.json
+++ b/2017/2xxx/CVE-2017-2583.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest."
+ "value": "The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Execution with Unnecessary Privileges",
- "cweId": "CWE-250"
+ "value": "n/a"
}
]
}
@@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-514.26.1.rt56.442.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-514.26.1.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
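Review bot: The new version entry pairs `"version_affected": "="` with `"version_value": "n/a"`, which a parser reads as "exactly the version named n/a", so no real kernel build can match this record. The description rewritten in the first hunk of this file says "before 4.9.5", so the entry could carry that bound instead, e.g. `"version_affected": "<"` with `"version_value": "4.9.5"`, together with a real vendor and product name rather than `n/a`. The Red Hat package versions that were listed as unaffected (`!`) are dropped without a replacement. The same placeholder pattern appears in the version hunks of CVE-2017-2595, CVE-2017-2596, CVE-2017-2615 and CVE-2017-2622.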
@@ -93,16 +88,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1616"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-2583",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-2583"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
- },
{
"url": "https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3",
"refsource": "MISC",
@@ -112,51 +97,11 @@
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3754-1/"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Xiaohan Zhang (Huawei Inc.) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.9,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
- "version": "2.0"
},
{
- "attackComplexity": "HIGH",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 6.4,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "HIGH",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
}
]
}
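Review bot: After the removals at the end of `reference_data`, the record has no `impact` block left: both the CVSS 2.0 entry (4.9) and the CVSS 3.0 entry (6.4, `CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H`) are deleted and nothing replaces them. Tooling that triages on `baseScore` will treat this CVE as unscored, and the `credits` entry for the reporter is lost as well. The `@@ -21,8 +21,7 @@` hunk of the same file likewise replaces CWE-250 with `n/a`. If reverting to the earlier description is intended, keeping at least the 3.0 object would preserve the severity signal; the last hunk of CVE-2017-2596 has the same loss.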
diff --git a/2017/2xxx/CVE-2017-2589.json b/2017/2xxx/CVE-2017-2589.json
index 13d2674fe84..c2fe520a028 100644
--- a/2017/2xxx/CVE-2017-2589.json
+++ b/2017/2xxx/CVE-2017-2589.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2589",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "hawtio",
- "version": {
- "version_data": [
- {
- "version_value": "1.4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -38,39 +15,72 @@
}
]
},
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "8.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
- "version": "3.0"
- }
- ]
- ]
- },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
- "value": "CWE-285"
+ "value": "CWE-285",
+ "cweId": "CWE-285"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "hawtio",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2017:1832",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1832"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1832",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.0"
}
]
}
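Review bot: Every entry in the rewritten `reference_data` now carries `"refsource": "MISC"` and repeats the URL as its `name`, so the difference between a vendor advisory (`REDHAT`) and a vendor-confirmed tracker entry (`CONFIRM`) is no longer machine-readable. Consumers that select advisory links by `refsource` will stop matching these entries. Keeping the original tags, e.g. `"refsource": "REDHAT"` with `"name": "RHSA-2017:1832"`, would retain that; if the flattening is a deliberate format migration, the commit message should say so. The reference hunks of CVE-2017-2595 and CVE-2017-2624 flatten `BID`, `SECTRACK`, `GENTOO` and `MLIST` the same way.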
diff --git a/2017/2xxx/CVE-2017-2595.json b/2017/2xxx/CVE-2017-2595.json
index f8a82cc353b..ab81b05837c 100644
--- a/2017/2xxx/CVE-2017-2595.json
+++ b/2017/2xxx/CVE-2017-2595.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2595",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "wildfly",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -38,109 +15,142 @@
}
]
},
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "7.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
- "version": "3.0"
- }
- ]
- ]
- },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
- "value": "CWE-22"
+ "value": "CWE-22",
+ "cweId": "CWE-22"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "[UNKNOWN]",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wildfly",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2017:1411",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1411"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3454",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
- "name": "RHSA-2017:1409",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3455",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
- "name": "RHSA-2017:1548",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1548"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3456",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
- "name": "RHSA-2017:1549",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1549"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3458",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
- "name": "RHSA-2017:3458",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3458"
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
- "name": "RHSA-2017:1552",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1552"
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2017-1551.html"
},
{
- "name": "1038757",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1038757"
+ "url": "http://www.securityfocus.com/bid/98967",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/98967"
},
{
- "name": "RHSA-2017:1410",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1410"
+ "url": "http://www.securitytracker.com/id/1038757",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1038757"
},
{
- "name": "RHSA-2017:1412",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1412"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1410",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
- "name": "RHSA-2017:1551",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2017-1551.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1411",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
- "name": "RHSA-2017:3455",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3455"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1412",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
- "name": "RHSA-2017:3456",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3456"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1548",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1548"
},
{
- "name": "98967",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/98967"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1549",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1549"
},
{
- "name": "RHSA-2017:3454",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3454"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1550",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1550"
},
{
- "name": "RHSA-2017:1550",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1550"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1552",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1552"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2017/2xxx/CVE-2017-2596.json b/2017/2xxx/CVE-2017-2596.json
index e08a1e54ed9..cf80b360a96 100644
--- a/2017/2xxx/CVE-2017-2596.json
+++ b/2017/2xxx/CVE-2017-2596.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS."
+ "value": "The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references."
}
]
},
@@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Missing Release of Resource after Effective Lifetime",
- "cweId": "CWE-772"
+ "value": "n/a"
}
]
}
@@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-693.rt56.617.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-693.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -83,61 +78,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95878"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-2596",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-2596"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812"
}
]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Dmitry Vyukov (Google Inc.) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
- "version": "2.0"
- },
- {
- "attackComplexity": "HIGH",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 5.8,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
- "version": "3.0"
- }
- ]
}
}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2615.json b/2017/2xxx/CVE-2017-2615.json
index f58b8a4cb84..daeae5b52a1 100644
--- a/2017/2xxx/CVE-2017-2615.json
+++ b/2017/2xxx/CVE-2017-2615.json
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Out-of-bounds Write",
+ "value": "CWE-787",
"cweId": "CWE-787"
}
]
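Review bot: The `value` field now repeats the identifier already held in `cweId` (`CWE-787`), so the human-readable weakness name "Out-of-bounds Write" disappears from the record. Keeping `"value": "Out-of-bounds Write"` next to `"cweId": "CWE-787"` serves both readers and parsers. The problemtype hunks of CVE-2017-2618, CVE-2017-2621 and CVE-2017-2622 make the same substitution.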
@@ -32,148 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "qemu",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 5",
+ "product_name": "display",
"version": {
"version_data": [
{
- "version_value": "0:83-277.el5_11",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 6",
- "version": {
- "version_data": [
- {
- "version_value": "2:0.12.1.2-2.491.el6_8.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "10:1.5.3-126.el7_3.5",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
- "version": {
- "version_data": [
- {
- "version_value": "2:0.12.1.2-2.491.el6_8.7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
- "version": {
- "version_data": [
- {
- "version_value": "2:0.12.1.2-2.491.el6_8.6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
- "version": {
- "version_data": [
- {
- "version_value": "10:2.6.0-28.el7_3.6",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -271,76 +139,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037804"
},
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0309",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0309"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0328",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0328"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0329",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0329"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0330",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0330"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0331",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0331"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0332",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0332"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0333",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0333"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0334",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0334"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0344",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0344"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0350",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0350"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0396",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0396"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0454",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0454"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-2615",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-2615"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615",
"refsource": "MISC",
@@ -363,35 +161,8 @@
}
]
},
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Li Qiang (360.cn Inc.) and Wjjzhang (Tencent.com Inc.) for reporting this issue."
- }
- ],
"impact": {
"cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.9,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
- "version": "2.0"
- },
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
diff --git a/2017/2xxx/CVE-2017-2618.json b/2017/2xxx/CVE-2017-2618.json
index 04750cbd167..6e8cdb2dd85 100644
--- a/2017/2xxx/CVE-2017-2618.json
+++ b/2017/2xxx/CVE-2017-2618.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
+ "value": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Off-by-one Error",
+ "value": "CWE-193",
"cweId": "CWE-193"
}
]
@@ -32,31 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "Linux",
"product": {
"product_data": [
{
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "kernel",
"version": {
"version_data": [
{
- "version_value": "0:3.10.0-514.16.1.rt56.437.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-514.16.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise MRG 2",
- "version": {
- "version_data": [
- {
- "version_value": "1:3.10.0-514.rt56.219.el6rt",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "4.9.10"
}
]
}
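Review bot: The added entry marks exactly `4.9.10` as affected (`"version_affected": "="`), while the description updated in the first hunk of this file says the flaw exists "before 4.9.10", so the record appears to flag the fixed release and miss the vulnerable ones. `"version_affected": "<"` with `"version_value": "4.9.10"` would match the description. The version hunk of CVE-2017-2621 shows the same mismatch for `openstack-heat-8.0.0`, `openstack-heat-6.1.0` and `openstack-heat-7.0.2`, which its description names as the "before" bounds. Both hunks also drop the Red Hat package versions that were listed as unaffected (`!`).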
@@ -89,16 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0933"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-2618",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-2618"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419916",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1419916"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618",
"refsource": "MISC",
@@ -121,12 +96,6 @@
}
]
},
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Paul Moore (Red Hat Engineering)."
- }
- ],
"impact": {
"cvss": [
{
diff --git a/2017/2xxx/CVE-2017-2621.json b/2017/2xxx/CVE-2017-2621.json
index df88eaa0da3..48217a2dabf 100644
--- a/2017/2xxx/CVE-2017-2621.json
+++ b/2017/2xxx/CVE-2017-2621.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information."
+ "value": "An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information."
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Files or Directories Accessible to External Parties",
+ "value": "CWE-552",
"cweId": "CWE-552"
}
]
@@ -36,23 +36,20 @@
"product": {
"product_data": [
{
- "product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
+ "product_name": "openstack-heat",
"version": {
"version_data": [
{
- "version_value": "1:7.0.2-4.el7ost",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
- "version": {
- "version_data": [
+ "version_affected": "=",
+ "version_value": "openstack-heat-8.0.0"
+ },
{
- "version_value": "1:6.1.0-3.el7ost",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "openstack-heat-6.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "openstack-heat-7.0.2"
}
]
}
@@ -80,16 +77,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1464"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-2621",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-2621"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420990",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420990"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621",
"refsource": "MISC",
@@ -97,12 +84,6 @@
}
]
},
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue."
- }
- ],
"impact": {
"cvss": [
{
diff --git a/2017/2xxx/CVE-2017-2622.json b/2017/2xxx/CVE-2017-2622.json
index 6c72a933728..f4b5694f167 100644
--- a/2017/2xxx/CVE-2017-2622.json
+++ b/2017/2xxx/CVE-2017-2622.json
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Files or Directories Accessible to External Parties",
+ "value": "CWE-552",
"cweId": "CWE-552"
}
]
@@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Red Hat",
+ "vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
- "product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
+ "product_name": "openstack-mistral",
"version": {
"version_data": [
{
- "version_value": "0:3.0.2-11.el7ost",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
}
]
}
@@ -59,16 +59,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1584"
},
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-2622",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-2622"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420992",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420992"
- },
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622",
"refsource": "MISC",
@@ -76,12 +66,6 @@
}
]
},
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue."
- }
- ],
"impact": {
"cvss": [
{
diff --git a/2017/2xxx/CVE-2017-2624.json b/2017/2xxx/CVE-2017-2624.json
index a9e1855a59b..a9f418be0d9 100644
--- a/2017/2xxx/CVE-2017-2624.json
+++ b/2017/2xxx/CVE-2017-2624.json
@@ -1,35 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2624",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "xorg-x11-server",
- "version": {
- "version_data": [
- {
- "version_value": "1.19.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Xorg"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
@@ -38,69 +15,102 @@
}
]
},
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.9/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
- "version": "3.0"
- }
- ]
- ]
- },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
- "value": "CWE-385"
+ "value": "CWE-385",
+ "cweId": "CWE-385"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xorg",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "xorg-x11-server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.19.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "GLSA-201704-03",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201704-03"
- },
- {
- "name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c",
- "refsource": "CONFIRM",
- "url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
- },
- {
- "name": "1037919",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1037919"
- },
- {
- "name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
- },
- {
- "name": "GLSA-201710-30",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201710-30"
- },
- {
- "name": "96480",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/96480"
- },
- {
- "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
+ "url": "http://www.securityfocus.com/bid/96480",
"refsource": "MISC",
- "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
+ "name": "http://www.securityfocus.com/bid/96480"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
+ "url": "http://www.securitytracker.com/id/1037919",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1037919"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/201704-03",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201704-03"
+ },
+ {
+ "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
+ "refsource": "MISC",
+ "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/201710-30",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201710-30"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
+ },
+ {
+ "url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2018/1xxx/CVE-2018-1041.json b/2018/1xxx/CVE-2018-1041.json
index 72f6d936f0b..419f0a2bacf 100644
--- a/2018/1xxx/CVE-2018-1041.json
+++ b/2018/1xxx/CVE-2018-1041.json
@@ -1,36 +1,12 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2018-02-05T00:00:00",
"ID": "CVE-2018-1041",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "jboss-remoting",
- "version": {
- "version_data": [
- {
- "version_value": "since 3.3.10"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
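Review bot: `CVE_data_meta` loses `"DATE_PUBLIC": "2018-02-05T00:00:00"` in this rewrite, and nothing on the new side of the hunk carries the disclosure date. Consumers that compute exposure windows or sort advisories by publication date would have to fall back to repository history or an external feed. Unless the target format deliberately excludes the field, keep `"DATE_PUBLIC": "2018-02-05T00:00:00",` next to `ASSIGNER` when reordering the keys. The `description` object continues past the end of this hunk.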
@@ -45,53 +21,78 @@
"description": [
{
"lang": "eng",
- "value": "CWE-835"
+ "value": "CWE-835",
+ "cweId": "CWE-835"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "jboss-remoting",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "since 3.3.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "44099",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/44099/"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0268",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
- "name": "RHSA-2018:0269",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0269"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0269",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
- "name": "RHSA-2018:0270",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0270"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0270",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
- "name": "RHSA-2018:0271",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0271"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0271",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
- "name": "RHSA-2018:0268",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0268"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0275",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
- "name": "RHSA-2018:0275",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0275"
+ "url": "http://www.securitytracker.com/id/1040323",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1040323"
},
{
- "name": "1040323",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1040323"
+ "url": "https://www.exploit-db.com/exploits/44099/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/44099/"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
}
]
}
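Review bot: In the re-added `affects` block, `"version_affected": "="` is paired with the free-text `"version_value": "since 3.3.10"`, so a consumer that honours the operator will look for a version literally named "since 3.3.10" and match nothing. If the intent is every release from 3.3.10 onward, express it as `"version_affected": ">="` with `"version_value": "3.3.10"` (assuming the record's schema accepts that operator), or omit the operator as the old record did. The same hunk also rewrites every `refsource` to `MISC` and every `name` to the URL, which drops the `EXPLOIT-DB`, `REDHAT`, `SECTRACK` and `CONFIRM` tags. Triage tooling that used those tags to spot a public exploit reference or a vendor-confirmed fix would now have to classify by URL host instead.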
diff --git a/2023/0xxx/CVE-2023-0801.json b/2023/0xxx/CVE-2023-0801.json
new file mode 100644
index 00000000000..8dd0dcececa
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0801.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0801",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/0xxx/CVE-2023-0802.json b/2023/0xxx/CVE-2023-0802.json
new file mode 100644
index 00000000000..588caea181c
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0802.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0802",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/0xxx/CVE-2023-0803.json b/2023/0xxx/CVE-2023-0803.json
new file mode 100644
index 00000000000..22d05b15737
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0803.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0803",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/0xxx/CVE-2023-0804.json b/2023/0xxx/CVE-2023-0804.json
new file mode 100644
index 00000000000..b01f6630937
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0804.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0804",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/25xxx/CVE-2023-25692.json b/2023/25xxx/CVE-2023-25692.json
new file mode 100644
index 00000000000..c84ffd655fa
--- /dev/null
+++ b/2023/25xxx/CVE-2023-25692.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-25692",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file