admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 23:01:54 +00:00
parent 10982becdc
commit 10ef78553f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
100 changed files with 2903 additions and 7018 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
2015/1xxx/CVE-2015-1798.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key."
"value": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:4.2.6p5-5.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.2.6p5-22.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -85,16 +73,6 @@
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1459",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1459"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2231",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2231"
},
{
"url": "http://support.apple.com/kb/HT204942",
"refsource": "MISC",
@ -170,16 +148,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-1798",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1798"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199430",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1199430"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10114",
"refsource": "MISC",
@ -191,30 +159,5 @@
"name": "https://security.gentoo.org/glsa/201509-01"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
}

67
2015/1xxx/CVE-2015-1818.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1818",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1539",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1539.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1539.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1539.html"
},
{
"name": "RHSA-2015:1704",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1704.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1704.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1704.html"
}
]
}

56
2015/1xxx/CVE-2015-1827.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash."
"value": "The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Calculation of Buffer Size",
"cweId": "CWE-131"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:4.1.0-18.ael7b_1.3",
"version_affected": "!"
},
{
"version_value": "0:0.54-3.ael7b_1",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -73,55 +68,20 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0728.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0728",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0728"
},
{
"url": "http://www.securityfocus.com/bid/73376",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/73376"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-1827",
"url": "https://fedorahosted.org/freeipa/ticket/4908",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1827"
"name": "https://fedorahosted.org/freeipa/ticket/4908"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205200",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205200"
},
{
"url": "https://fedorahosted.org/freeipa/ticket/4908",
"refsource": "MISC",
"name": "https://fedorahosted.org/freeipa/ticket/4908"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}

81
2015/1xxx/CVE-2015-1846.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1846",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1032011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032011"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207647",
"url": "http://www.openwall.com/lists/oss-security/2015/04/01/5",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207647"
"name": "http://www.openwall.com/lists/oss-security/2015/04/01/5"
},
{
"name": "73686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73686"
"url": "http://www.securitytracker.com/id/1032011",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032011"
},
{
"name": "[oss-security] 20150401 CVE-2015-1845, CVE-2015-1846 - unzoo - Buffer overflow & Infinite loop",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/01/5"
"url": "http://www.securityfocus.com/bid/73686",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/73686"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207647",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207647"
}
]
}

69
2015/1xxx/CVE-2015-1848.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI."
"value": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.9.123-9.el6_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.9.137-13.el7_1.2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -95,55 +83,10 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74623"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0980",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0980"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0990",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0990"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-1848",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1848"
},
{
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

121
2015/1xxx/CVE-2015-1856.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1856",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,62 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1845",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "https://bugs.launchpad.net/swift/+bug/1430645",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/swift/+bug/1430645"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"
},
{
"name": "SUSE-SU-2015:1846",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
},
{
"name": "RHSA-2015:1846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
},
{
"name": "RHSA-2015:1681",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html",
"refsource": "MISC",
"name": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html"
},
{
"name": "USN-2704-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2704-1"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1681.html"
},
{
"name": "74182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74182"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1684.html"
},
{
"name": "FEDORA-2015-12245",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html"
"url": "http://www.securityfocus.com/bid/74182",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74182"
},
{
"name": "[openstack-announce] 20150414 [OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html"
"url": "http://www.ubuntu.com/usn/USN-2704-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2704-1"
},
{
"name": "RHSA-2015:1684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html"
"url": "https://bugs.launchpad.net/swift/+bug/1430645",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/swift/+bug/1430645"
}
]
}

115
2015/1xxx/CVE-2015-1858.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1858",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-6114",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
"url": "http://www.ubuntu.com/usn/USN-2626-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "FEDORA-2015-6123",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "GLSA-201603-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-10"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "FEDORA-2015-6315",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"name": "https://codereview.qt-project.org/#/c/108312/",
"refsource": "CONFIRM",
"url": "https://codereview.qt-project.org/#/c/108312/"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "FEDORA-2015-6364",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"name": "USN-2626-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html",
"refsource": "MISC",
"name": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"refsource": "MLIST",
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
"url": "http://www.securityfocus.com/bid/74309",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74309"
},
{
"name": "74309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74309"
"url": "https://codereview.qt-project.org/#/c/108312/",
"refsource": "MISC",
"name": "https://codereview.qt-project.org/#/c/108312/"
},
{
"name": "FEDORA-2015-6252",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
"url": "https://security.gentoo.org/glsa/201603-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201603-10"
}
]
}

72
2015/1xxx/CVE-2015-1867.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well."
"value": "Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"cweId": "CWE-863"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.1.12-8.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-10.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -95,26 +83,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74231"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1424",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1424"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2383",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2383"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-1867",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1867"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370"
},
{
"url": "https://github.com/ClusterLabs/pacemaker/commit/84ac07c",
"refsource": "MISC",
@ -124,31 +92,11 @@
"url": "https://security.gentoo.org/glsa/201710-08",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201710-08"
}
]
},
"impact": {
"cvss": [
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370"
}
]
}

80
2015/3xxx/CVE-2015-3147.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system."
"value": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Unverified Ownership",
"cweId": "CWE-283"
"value": "Symbolic Link Following"
}
]
}
@ -32,35 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "0:2.0.8-26.el6_6.1",
"version_affected": "!"
},
{
"version_value": "0:2.0.9-21.el6_6.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.11-22.el7_1",
"version_affected": "!"
},
{
"version_value": "0:2.1.11-23.el7_1",
"version_affected": "!"
"version_affected": "=",
"version_value": "before 2.6.0"
}
]
}
@ -78,31 +58,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1083",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1083"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1210",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1210"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1083.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3147",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3147"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
},
{
"url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091",
"refsource": "MISC",
@ -112,31 +72,11 @@
"url": "https://github.com/abrt/abrt/pull/955",
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/pull/955"
}
]
},
"impact": {
"cvss": [
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:P",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
}
]
}

101
2015/3xxx/CVE-2015-3156.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3156",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,62 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790",
"url": "https://bugs.launchpad.net/trove/+bug/1398195",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790"
"name": "https://bugs.launchpad.net/trove/+bug/1398195"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236"
},
{
"name": "https://bugs.launchpad.net/trove/+bug/1398195",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/trove/+bug/1398195"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194"
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073"
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194",
"refsource": "MISC",
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194"
},
{
"name": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073",
"refsource": "MISC",
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073"
}
]
}

103
2015/3xxx/CVE-2015-3158.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3158",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1671",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1671.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1669.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1669.html"
},
{
"name": "RHSA-2015:1672",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1672.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1670.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1670.html"
},
{
"name": "RHSA-2015:1673",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1673.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1671.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1671.html"
},
{
"name": "RHSA-2015:1670",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1670.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1672.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1672.html"
},
{
"name": "https://github.com/picketlink/picketlink-bindings/pull/124",
"refsource": "CONFIRM",
"url": "https://github.com/picketlink/picketlink-bindings/pull/124"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1673.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1673.html"
},
{
"name": "https://issues.jboss.org/browse/PLINK-708",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/PLINK-708"
"url": "https://github.com/picketlink/picketlink-bindings/pull/124",
"refsource": "MISC",
"name": "https://github.com/picketlink/picketlink-bindings/pull/124"
},
{
"name": "RHSA-2015:1669",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1669.html"
"url": "https://issues.jboss.org/browse/PLINK-708",
"refsource": "MISC",
"name": "https://issues.jboss.org/browse/PLINK-708"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216123",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216123"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216123",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216123"
}
]
}

83
2015/3xxx/CVE-2015-3198.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3198",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1224787",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224787"
},
{
"name": "https://stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code",
"url": "https://developer.jboss.org/message/927301#927301",
"refsource": "MISC",
"url": "https://stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code"
"name": "https://developer.jboss.org/message/927301#927301"
},
{
"name": "https://issues.jboss.org/browse/WFLY-4595",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/WFLY-4595"
},
{
"name": "https://developer.jboss.org/message/927301#927301",
"url": "https://issues.jboss.org/browse/WFLY-4595",
"refsource": "MISC",
"url": "https://developer.jboss.org/message/927301#927301"
"name": "https://issues.jboss.org/browse/WFLY-4595"
},
{
"url": "https://stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code",
"refsource": "MISC",
"name": "https://stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224787",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1224787"
}
]
}

85
2015/3xxx/CVE-2015-3206.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3206",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150521 CVE-2015-3206 python-kerberos: checkPassword() does not verify KDC authenticity",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/21/3"
"url": "http://www.openwall.com/lists/oss-security/2015/05/21/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/05/21/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1223802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223802"
"url": "http://www.securityfocus.com/bid/74760",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74760"
},
{
"name": "https://pypi.python.org/pypi/kerberos",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/kerberos"
"url": "https://github.com/apple/ccs-pykerberos/issues/31",
"refsource": "MISC",
"name": "https://github.com/apple/ccs-pykerberos/issues/31"
},
{
"name": "74760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74760"
"url": "https://pypi.python.org/pypi/kerberos",
"refsource": "MISC",
"name": "https://pypi.python.org/pypi/kerberos"
},
{
"name": "https://github.com/apple/ccs-pykerberos/issues/31",
"refsource": "CONFIRM",
"url": "https://github.com/apple/ccs-pykerberos/issues/31"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223802",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1223802"
}
]
}

115
2015/3xxx/CVE-2015-3216.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3216",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:1184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "1032587",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032587"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"name": "SUSE-SU-2015:1150",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"name": "RHSA-2015:1115",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"name": "SUSE-SU-2015:1182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"name": "SUSE-SU-2015:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "75219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75219"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994"
"url": "http://www.securityfocus.com/bid/75219",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75219"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
"url": "http://www.securitytracker.com/id/1032587",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032587"
},
{
"name": "openSUSE-SU-2015:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994"
}
]
}

115
2015/3xxx/CVE-2015-3218.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3218",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html",
"refsource": "MISC",
"name": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "USN-3717-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3717-1/"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "FEDORA-2015-11058",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "openSUSE-SU-2015:1927",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
"url": "http://www.securitytracker.com/id/1035023",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035023"
},
{
"name": "FEDORA-2015-11743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "76086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76086"
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html",
"refsource": "MISC",
"name": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "openSUSE-SU-2015:1734",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html",
"refsource": "MISC",
"name": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"name": "1035023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035023"
"url": "http://www.securityfocus.com/bid/76086",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76086"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
"url": "https://usn.ubuntu.com/3717-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3717-1/"
}
]
}

67
2015/3xxx/CVE-2015-3238.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system."
"value": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Observable Discrepancy",
"cweId": "CWE-203"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.1.1-20.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.8-12.ael7b_1.1",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -110,21 +98,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1640",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1640"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3238",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3238"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"url": "https://security.gentoo.org/glsa/201605-05",
"refsource": "MISC",
@ -139,31 +112,11 @@
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/",
"refsource": "MISC",
"name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
}
]
},
"impact": {
"cvss": [
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
}
]
}

141
2015/3xxx/CVE-2015-3246.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3246",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "76022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76022"
},
{
"name": "FEDORA-2015-12301",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"
},
{
"name": "44633",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44633/"
},
{
"name": "https://access.redhat.com/articles/1537873",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/articles/1537873"
},
{
"name": "RHSA-2015:1482",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"
},
{
"name": "FEDORA-2015-12064",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"
},
{
"name": "openSUSE-SU-2015:1332",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html"
},
{
"name": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html",
"refsource": "MISC",
"url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"
},
{
"name": "1033040",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033040"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"
},
{
"name": "RHSA-2015:1483",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"
},
{
"url": "http://www.securitytracker.com/id/1033040",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033040"
},
{
"url": "https://access.redhat.com/articles/1537873",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/1537873"
},
{
"url": "https://www.exploit-db.com/exploits/44633/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44633/"
},
{
"url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt",
"refsource": "MISC",
"name": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html"
},
{
"url": "http://www.securityfocus.com/bid/76022",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76022"
}
]
}

100
2015/3xxx/CVE-2015-3247.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process."
"value": "Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
"value": "n/a"
}
]
}
@ -32,53 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.12.4-12.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.12.4-9.el7_1.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.7-20150828.0.el6ev",
"version_affected": "!"
},
{
"version_value": "0:7.1-20150827.1.el6ev",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "0:7.1-20150827.1.el7ev",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -140,56 +102,6 @@
"url": "http://www.ubuntu.com/usn/USN-2736-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2736-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1713",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1713"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1714",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1714"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1715",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1715"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3247",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3247"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233238",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1233238"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}

53
2015/3xxx/CVE-2015-3248.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the \"/var/lib/openhpi\" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory."
"value": "openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption)."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.4.0-2.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -64,51 +63,11 @@
"refsource": "MISC",
"name": "http://openhpi.org/Changelogs/3.6.0"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2369",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2369"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3248",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3248"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233520",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1233520"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233521",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1233521"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}

103
2015/3xxx/CVE-2015-3256.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3256",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "RHSA-2016:0189",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html",
"refsource": "MISC",
"name": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "77356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77356"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "openSUSE-SU-2015:1927",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
"url": "http://www.securitytracker.com/id/1035023",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
},
{
"name": "openSUSE-SU-2015:1734",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
"url": "http://www.securityfocus.com/bid/77356",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/77356"
},
{
"name": "1035023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035023"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
}
]
}

67
2015/3xxx/CVE-2015-3257.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3257",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://framework.zend.com/security/advisory/ZF2015-05",
"refsource": "CONFIRM",
"url": "https://framework.zend.com/security/advisory/ZF2015-05"
"url": "http://www.securityfocus.com/bid/75466",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75466"
},
{
"name": "75466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75466"
"url": "https://framework.zend.com/security/advisory/ZF2015-05",
"refsource": "MISC",
"name": "https://framework.zend.com/security/advisory/ZF2015-05"
}
]
}

52
2015/3xxx/CVE-2015-3258.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
"value": "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.0.35-21.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -95,49 +94,14 @@
"name": "http://www.securityfocus.com/bid/75436"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2360",
"url": "https://security.gentoo.org/glsa/201510-08",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2360"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3258",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3258"
"name": "https://security.gentoo.org/glsa/201510-08"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"url": "https://security.gentoo.org/glsa/201510-08",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201510-08"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}

73
2015/3xxx/CVE-2015-3267.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3267",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1033136",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033136"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1525.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1525.html"
},
{
"name": "RHSA-2015:1525",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1525.html"
"url": "http://www.securityfocus.com/bid/76335",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76335"
},
{
"name": "76335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76335"
"url": "http://www.securitytracker.com/id/1033136",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033136"
}
]
}

48
2015/3xxx/CVE-2015-3276.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled."
"value": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Calculation",
"cweId": "CWE-682"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.4.40-8.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -59,11 +58,6 @@
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2131",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2131"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-2131.html",
"refsource": "MISC",
@ -74,41 +68,11 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034221"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3276",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3276"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238322",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238322"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
}

73
2015/3xxx/CVE-2015-3277.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3277",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-13616",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170607.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170607.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170607.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243518",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243518"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243518",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243518"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238324",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238324"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238324",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238324"
}
]
}

324
2016/4xxx/CVE-2016-4995.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in foreman's handling of template previews. An attacker with permissions to preview host templates can access the template preview for any host if they are able to guess the host name, disclosing potentially sensitive information."
"value": "Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "n/a"
}
]
}
@ -32,272 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -325,66 +68,11 @@
"refsource": "MISC",
"name": "http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4995",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4995"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348939",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348939"
},
{
"url": "https://theforeman.org/security.html#2016-4995",
"refsource": "MISC",
"name": "https://theforeman.org/security.html#2016-4995"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Dominic Cleal (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
}

135
2016/5xxx/CVE-2016-5003.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element."
"value": "The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data",
"cweId": "CWE-502"
"value": "n/a"
}
]
}
@ -32,104 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.0-4.17.el6_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-9.el7_5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-9.el7_5",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -202,45 +113,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2317"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5003",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5003"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508123",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1508123"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Setting enabledForExtensions is false by default, thus <ex:serializable> elements are not automatically deserialized. However, if you have it enabled and you don't need any of the provided functions (https://ws.apache.org/xmlrpc/extensions.html) we suggest you disable it."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

89
2016/5xxx/CVE-2016-5004.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5004",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160712 Vulnerabilities in Apache Archiva",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/12/5"
},
{
"name": "1036294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036294"
},
{
"name": "https://github.com/0ang3el/unsafe-xmlrpc",
"url": "http://www.openwall.com/lists/oss-security/2016/07/12/5",
"refsource": "MISC",
"url": "https://github.com/0ang3el/unsafe-xmlrpc"
"name": "http://www.openwall.com/lists/oss-security/2016/07/12/5"
},
{
"name": "https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html",
"url": "http://www.securityfocus.com/bid/91736",
"refsource": "MISC",
"url": "https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html"
"name": "http://www.securityfocus.com/bid/91736"
},
{
"name": "91736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91736"
"url": "http://www.securitytracker.com/id/1036294",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036294"
},
{
"url": "https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html",
"refsource": "MISC",
"name": "https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html"
},
{
"url": "https://github.com/0ang3el/unsafe-xmlrpc",
"refsource": "MISC",
"name": "https://github.com/0ang3el/unsafe-xmlrpc"
}
]
}

97
2016/5xxx/CVE-2016-5105.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5105",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/5"
"url": "http://www.ubuntu.com/usn/USN-3047-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: initialise local configuration da",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html"
"url": "http://www.ubuntu.com/usn/USN-3047-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/25/5"
},
{
"name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/7"
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/26/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1339583",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339583"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339583",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1339583"
}
]
}

109
2016/5xxx/CVE-2016-5363.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5363",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1473"
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
},
{
"name": "https://review.openstack.org/#/c/299025/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/299025/"
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
},
{
"name": "[oss-security] 20160610 CVE request for vulnerability in OpenStack Neutron",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
"url": "https://access.redhat.com/errata/RHSA-2016:1473",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1473"
},
{
"name": "[oss-security] 20160610 Re: CVE request for vulnerability in OpenStack Neutron",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
"url": "https://access.redhat.com/errata/RHSA-2016:1474",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1474"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2016-009.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2016-009.html"
"url": "https://security.openstack.org/ossa/OSSA-2016-009.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2016-009.html"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1558658",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/neutron/+bug/1558658"
"url": "https://bugs.launchpad.net/neutron/+bug/1558658",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/neutron/+bug/1558658"
},
{
"name": "RHSA-2016:1474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1474"
"url": "https://review.openstack.org/#/c/299021/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/299021/"
},
{
"name": "https://review.openstack.org/#/c/299021/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/299021/"
"url": "https://review.openstack.org/#/c/299023/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/299023/"
},
{
"name": "https://review.openstack.org/#/c/299023/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/299023/"
"url": "https://review.openstack.org/#/c/299025/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/299025/"
}
]
}

73
2016/5xxx/CVE-2016-5384.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution."
"value": "fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.10.95-10.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -74,21 +73,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3063-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2601",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2601"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5384",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5384"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350891",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1350891"
},
{
"url": "https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940",
"refsource": "MISC",
@ -110,50 +94,5 @@
"name": "https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Tobias Stoeckmann for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}
}

219
2016/5xxx/CVE-2016-5385.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request."
"value": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,141 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:5.3.3-48.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:5.4.16-36.3.el7_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:5.4.40-4.el6",
"version_affected": "!"
},
{
"version_value": "0:5.5.21-5.el6",
"version_affected": "!"
},
{
"version_value": "0:5.6.5-9.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS",
"version": {
"version_data": [
{
"version_value": "0:5.4.40-4.el6",
"version_affected": "!"
},
{
"version_value": "0:5.5.21-5.el6",
"version_affected": "!"
},
{
"version_value": "0:5.6.5-9.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
"version": {
"version_data": [
{
"version_value": "0:5.4.40-4.el6",
"version_affected": "!"
},
{
"version_value": "0:5.5.21-5.el6",
"version_affected": "!"
},
{
"version_value": "0:5.6.5-9.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:5.4.40-4.el7",
"version_affected": "!"
},
{
"version_value": "0:5.5.21-5.el7",
"version_affected": "!"
},
{
"version_value": "0:5.6.5-9.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS",
"version": {
"version_data": [
{
"version_value": "0:5.4.40-4.el7",
"version_affected": "!"
},
{
"version_value": "0:5.5.21-5.el7",
"version_affected": "!"
},
{
"version_value": "0:5.6.5-9.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS",
"version": {
"version_data": [
{
"version_value": "0:5.4.40-4.el7",
"version_affected": "!"
},
{
"version_value": "0:5.5.21-5.el7",
"version_affected": "!"
},
{
"version_value": "0:5.6.5-9.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -249,41 +123,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036335"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1609",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1609"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1610",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1610"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1611",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1611"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1612",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1612"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1613",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1613"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5385",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5385"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1",
"refsource": "MISC",
@ -333,51 +172,11 @@
"url": "https://www.drupal.org/SA-CORE-2016-003",
"refsource": "MISC",
"name": "https://www.drupal.org/SA-CORE-2016-003"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
}
]
}

181
2016/5xxx/CVE-2016-5403.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5403",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,112 +27,136 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "RHSA-2016:1756",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1756.html"
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-184.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-184.html"
"url": "http://www.ubuntu.com/usn/USN-3047-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
"url": "http://www.ubuntu.com/usn/USN-3047-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "RHSA-2016:1655",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1655.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
},
{
"name": "RHSA-2016:1763",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1763.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1606.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1606.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1607.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1607.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1653.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1653.html"
},
{
"name": "RHSA-2016:1585",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1585.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1654.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1654.html"
},
{
"name": "RHSA-2016:1653",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1653.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1655.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1655.html"
},
{
"name": "RHSA-2016:1607",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1607.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1756.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1756.html"
},
{
"name": "RHSA-2016:1654",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1654.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1763.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1763.html"
},
{
"name": "1036476",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036476"
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1585.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1585.html"
},
{
"name": "RHSA-2016:1606",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1606.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1586.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1586.html"
},
{
"name": "RHSA-2016:1586",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1586.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1652.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1652.html"
},
{
"name": "RHSA-2016:1943",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
"url": "http://www.securityfocus.com/bid/92148",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92148"
},
{
"name": "92148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92148"
"url": "http://www.securitytracker.com/id/1036476",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036476"
},
{
"name": "RHSA-2016:1652",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1652.html"
"url": "http://xenbits.xen.org/xsa/advisory-184.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-184.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359"
}
]
}

84
2016/5xxx/CVE-2016-5404.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack."
"value": "The cert_revoke command in FreeIPA does not check for the \"revoke certificate\" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the \"retrieve certificate\" permission."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.0.0-50.el6_8.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.2.0-15.el7_2.19",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -85,21 +73,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92525"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1797",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1797"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5404",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5404"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351593",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1351593"
},
{
"url": "https://fedorahosted.org/freeipa/ticket/6232",
"refsource": "MISC",
@ -126,50 +99,5 @@
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Fraser Tweedale (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}

84
2016/5xxx/CVE-2016-5405.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries."
"value": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Covert Timing Channel",
"cweId": "CWE-385"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.2.11.15-84.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.3.5.10-11.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -80,71 +68,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93884"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2594",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2594"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2765",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2765"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5405",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5405"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by William Brown (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}
}

67
2016/5xxx/CVE-2016-5414.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5414",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1184610",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1184610"
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1184610",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1184610"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1360757",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1360757"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1360757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1360757"
}
]
}

78
2016/5xxx/CVE-2016-5425.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges."
"value": "The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:7.0.54-8.el7_2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -69,11 +68,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2046.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2046"
},
{
"url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E",
"refsource": "MISC",
@ -84,11 +78,6 @@
"refsource": "MISC",
"name": "http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html"
},
{
"url": "http://legalhackers.com/advisories/Tomcat-RedHat-based-Root-Privilege-Escalation-Exploit.txt",
"refsource": "MISC",
"name": "http://legalhackers.com/advisories/Tomcat-RedHat-based-Root-Privilege-Escalation-Exploit.txt"
},
{
"url": "http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html",
"refsource": "MISC",
@ -109,66 +98,11 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036979"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5425",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5425"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362545",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1362545"
},
{
"url": "https://www.exploit-db.com/exploits/40488/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/40488/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

129
2016/6xxx/CVE-2016-6173.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6173",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[nsd-users] 20160809 NSD 4.1.11",
"refsource": "MLIST",
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"name": "91678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790",
"refsource": "CONFIRM",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"refsource": "MLIST",
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"name": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"name": "https://github.com/sischkg/xfer-limit/blob/master/README.md",
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3",
"refsource": "MISC",
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
"name": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md",
"refsource": "MISC",
"name": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
},
{
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html",
"refsource": "MISC",
"name": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"url": "http://www.securityfocus.com/bid/91678",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91678"
},
{
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES",
"refsource": "MISC",
"name": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html",
"refsource": "MISC",
"name": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
},
{
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790",
"refsource": "MISC",
"name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
}
]
}

169
2016/6xxx/CVE-2016-6303.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6303",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,102 +27,126 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "MISC",
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1036885",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036885"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "MISC",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"name": "https://www.tenable.com/security/tns-2016-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-16"
"url": "https://www.tenable.com/security/tns-2016-20",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"name": "92984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92984"
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"url": "https://www.tenable.com/security/tns-2016-16",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2016-16"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
"url": "https://www.tenable.com/security/tns-2016-21",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2016-21"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa132",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa132"
"url": "http://www.securityfocus.com/bid/92984",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92984"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"url": "http://www.securitytracker.com/id/1036885",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036885"
},
{
"name": "FreeBSD-SA-16:26",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
"url": "https://bto.bluecoat.com/security-advisory/sa132",
"refsource": "MISC",
"name": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07",
"refsource": "MISC",
"name": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc",
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
}
]
}

175
2016/6xxx/CVE-2016-6325.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges."
"value": "The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
"value": "n/a"
}
]
}
@ -32,113 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:6.0.24-98.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:7.0.54-8.el7_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Web Server 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:4.2.23-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1-3.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.15-1.redhat_2.1.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "1:1.0.15-17.redhat_2.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.5-2.Final_redhat_2.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:7.0.70-16.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:8.0.36-17.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.8-9.redhat_9.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.8-9.Final_redhat_2.1.ep7.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Web Server 3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:4.2.23-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1-3.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.15-1.redhat_2.1.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "1:1.0.15-17.redhat_2.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.5-2.Final_redhat_2.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:7.0.70-16.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:8.0.36-17.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.8-9.redhat_9.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.8-9.Final_redhat_2.1.ep7.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -166,16 +68,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2046.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2046"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"refsource": "MISC",
@ -196,66 +88,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0457",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0457"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-6325",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-6325"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Red Hat Product Security."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

116
2016/6xxx/CVE-2016-6343.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6343",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dashbuilder",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,55 +15,82 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Dashbuilder",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "96987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96987"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"
},
{
"name": "RHSA-2017:0557",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"
"url": "http://www.securityfocus.com/bid/96987",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96987"
},
{
"name": "RHSA-2018:0296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0296"
"url": "https://access.redhat.com/errata/RHSA-2018:0296",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0296"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6343",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6343"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6343",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6343"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}

79
2016/6xxx/CVE-2016-6344.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6344",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371807",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371807"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0248.html"
},
{
"name": "RHSA-2017:0248",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"
},
{
"name": "RHSA-2017:0249",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"
"url": "http://www.securityfocus.com/bid/92714",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92714"
},
{
"name": "92714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92714"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371807",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371807"
}
]
}

97
2016/6xxx/CVE-2016-6833.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6833",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "93255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93255"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20160812 CVE request: Qemu net: vmxnet3: use after free while writing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/12/1"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8"
},
{
"name": "[qemu-devel] 20160809 [PULL 2/3] net: vmxnet3: check for device_active before write",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html"
"url": "http://www.openwall.com/lists/oss-security/2016/08/12/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/12/1"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/18/3"
},
{
"name": "[oss-security] 20160817 Re: CVE request: Qemu net: vmxnet3: use after free while writing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/3"
"url": "http://www.securityfocus.com/bid/93255",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93255"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html"
}
]
}

97
2016/6xxx/CVE-2016-6834.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6834",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "92446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92446"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05"
},
{
"name": "[oss-security] 20160817 Re: CVE request Qemu: an infinite loop during packet fragmentation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/7"
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/11/8"
},
{
"name": "[qemu-devel] 20160809 [PULL 1/3] net: check fragment length during fragmentation",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html"
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/18/7"
},
{
"name": "[oss-security] 20160812 CVE request Qemu: an infinite loop during packet fragmentation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/8"
"url": "http://www.securityfocus.com/bid/92446",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92446"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html"
}
]
}

68
2016/6xxx/CVE-2016-6835.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-6835 Qemu: net: vmxnet: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation"
"value": "The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -79,66 +78,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/18/4"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-6835",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-6835"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369012",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369012"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Li Qiang (Qihoo 360 Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
]
}
}

73
2016/7xxx/CVE-2016-7033.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7033",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "92762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92762"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373344",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373344"
"url": "http://www.securityfocus.com/bid/92762",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92762"
},
{
"name": "RHSA-2017:0249",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373344",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373344"
}
]
}

79
2016/7xxx/CVE-2016-7034.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7034",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0557",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"
},
{
"name": "RHSA-2018:0296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0296"
"url": "https://access.redhat.com/errata/RHSA-2018:0296",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0296"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347"
"url": "http://www.securityfocus.com/bid/92760",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92760"
},
{
"name": "92760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92760"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347"
}
]
}

78
2016/7xxx/CVE-2016-7043.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7043",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-260",
"cweId": "CWE-260"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "affects < 7.21.0.Final"
}
]
@ -30,54 +52,36 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-260"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043"
},
{
"url": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273",
"name": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services."
"refsource": "MISC",
"name": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
}

79
2016/7xxx/CVE-2016-7065.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7065",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1382534",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382534"
"url": "http://seclists.org/fulldisclosure/2016/Nov/143",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2016/Nov/143"
},
{
"name": "40842",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40842/"
"url": "http://www.securityfocus.com/bid/93462",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93462"
},
{
"name": "20161125 Red Hat JBoss EAP deserialization of untrusted data",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/143"
"url": "https://www.exploit-db.com/exploits/40842/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/40842/"
},
{
"name": "93462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93462"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382534",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1382534"
}
]
}

63
2016/7xxx/CVE-2016-7075.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."
"value": "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation",
"value": "CWE-295",
"cweId": "CWE-295"
}
]
@ -36,34 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "OpenShift",
"version": {
"version_data": [
{
"version_value": "0:3.2.1.17-1.git.0.6d01b60.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.35-1.git.0.d7bd9b6.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.1.8-1.git.0.d469026.el7aos",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -81,16 +59,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2064"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-7075",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-7075"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384112",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384112"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
"refsource": "MISC",
@ -105,27 +73,6 @@
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",

156
2017/2xxx/CVE-2017-2625.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."
"value": "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Insufficient Entropy",
"value": "CWE-331",
"cweId": "CWE-331"
}
]
@ -32,144 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Xorg",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "libXdmcp",
"version": {
"version_data": [
{
"version_value": "0:2.4.74-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.6-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.3-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.24-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.13-4.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.14-8.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.7.9-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.7.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-3.el7",
"version_affected": "!"
},
{
"version_value": "0:3.5.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.5-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-1.el7",
"version_affected": "!"
},
{
"version_value": "0:17.0.1-6.20170307.el7",
"version_affected": "!"
},
{
"version_value": "0:3.9.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.39.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-2.el7",
"version_affected": "!"
},
{
"version_value": "0:2.20-1.el7",
"version_affected": "!"
},
{
"version_value": "0:7.7-20.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "1.1.2"
}
]
}
@ -197,16 +69,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2625",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2625"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424987",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1424987"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625",
"refsource": "MISC",
@ -234,12 +96,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting this issue."
}
],
"impact": {
"cvss": [
{

156
2017/2xxx/CVE-2017-2626.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."
"value": "It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Insufficient Entropy",
"value": "CWE-331",
"cweId": "CWE-331"
}
]
@ -32,144 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Xorg",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "libICE",
"version": {
"version_data": [
{
"version_value": "0:2.4.74-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.6-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.3-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.24-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.13-4.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.14-8.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.7.9-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.7.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-3.el7",
"version_affected": "!"
},
{
"version_value": "0:3.5.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.5-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-1.el7",
"version_affected": "!"
},
{
"version_value": "0:17.0.1-6.20170307.el7",
"version_affected": "!"
},
{
"version_value": "0:3.9.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.39.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-2.el7",
"version_affected": "!"
},
{
"version_value": "0:2.20-1.el7",
"version_affected": "!"
},
{
"version_value": "0:7.7-20.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "1.0.9-8"
}
]
}
@ -212,16 +84,6 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/07/14/3"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2626",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2626"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424992",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1424992"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626",
"refsource": "MISC",
@ -239,12 +101,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting this issue."
}
],
"impact": {
"cvss": [
{

92
2017/2xxx/CVE-2017-2627.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2627",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openstack-tripleo-common",
"version": {
"version_data": [
{
"version_value": "As shipped with Red Hat Openstack Enterprise 10 and 11"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,34 +15,67 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.2/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
"value": "CWE-22",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "openstack-tripleo-common",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "As shipped with Red Hat Openstack Enterprise 10 and 11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}

46
2017/2xxx/CVE-2017-2628.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server."
"value": "curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Authentication",
"value": "CWE-287",
"cweId": "CWE-287"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "0:7.19.7-53.el6_9",
"version_affected": "!"
"version_affected": "=",
"version_value": "7.19.7-53"
}
]
}
@ -64,45 +64,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97187"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0847",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0847"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2628",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2628"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Paulo Andrade (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
}
}

65
2017/2xxx/CVE-2017-2634.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system."
"value": "It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"value": "CWE-476",
"cweId": "CWE-476"
}
]
@ -32,38 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-419.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.6 Long Life",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-238.58.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.9 Long Life",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-348.33.1.el5",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.6.22.17"
}
]
}
@ -101,31 +79,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037909"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0323",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0323"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0346",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0346"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0347",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0347"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2634",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2634"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424751",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1424751"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634",
"refsource": "MISC",
@ -138,12 +91,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Wade Mealing (Red Hat Product Security)."
}
],
"impact": {
"cvss": [
{

167
2017/2xxx/CVE-2017-2636.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system."
"value": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
"value": "n/a"
}
]
}
@ -32,130 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-696.1.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.71.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.78.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.80.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.80.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.60.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.60.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.42.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.16.1.rt56.437.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.16.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.53.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.219.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -243,51 +128,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1488"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2636",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2636"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-2636",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/CVE-2017-2636"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319"
}
]
},
"work_around": [
{
"lang": "en",
"value": "The n_hdlc kernel module will be automatically loaded when an application attempts to use the HDLC line discipline from userspace. This module can be prevented from being loaded by using the system-wide modprobe rules. The following command, run as root, will prevent accidental or intentional loading of the module. Red Hat Product Security believe this method is a robust method to prevent accidental loading of the module, even by privileged users.\n\n\u200b# echo \"install n_hdlc /bin/true\" >> /etc/modprobe.d/disable-n_hdlc.conf\n\nThe system will need to be restarted if the n_hdlc modules are already loaded. In most circumstances, the n_hdlc kernel modules will be unable to be unloaded if in use and while any current process using this line discipline is required.\n\nExploiting this flaw does not require Microgate or SyncLink hardware to be in use.\n\nIf further assistance is needed, see this KCS article ( https://access.redhat.com/solutions/41278 ) or contact Red Hat Global Support Services."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alexander Popov for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

109
2017/2xxx/CVE-2017-2637.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Missing Authentication for Critical Function",
"value": "CWE-306",
"cweId": "CWE-306"
}
]
@ -32,93 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
"product_name": "rhosp-director",
"version": {
"version_data": [
{
"version_value": "0:0.8.6-135.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.10-34.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "1:14.0.3-9.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.4.1-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.2.0-15.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.2.0-3.el7ost",
"version_affected": "!"
},
{
"version_value": "0:9.5.0-4.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.5.0-12.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty) director",
"version": {
"version_data": [
{
"version_value": "0:0.8.14-29.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-2.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.3.4-14.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka) director",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-57.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-14.el7ost",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -156,21 +79,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1546"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2637",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2637"
},
{
"url": "https://access.redhat.com/solutions/3022771",
"refsource": "MISC",
"name": "https://access.redhat.com/solutions/3022771"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428240",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428240"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637",
"refsource": "MISC",
@ -183,18 +96,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "A KCS article with more details on this flaw is available at: https://access.redhat.com/solutions/3022771"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by David Gurtner (Red Hat)."
}
],
"impact": {
"cvss": [
{

221
2017/2xxx/CVE-2017-2639.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation",
"value": "CWE-295",
"cweId": "CWE-295"
}
]
@ -32,196 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.8",
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "0:2.2.1.0-2.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:0.1.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.8.0.17-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:19.0.4-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.17-23.el7",
"version_affected": "!"
},
{
"version_value": "0:0.42.0-4.el7",
"version_affected": "!"
},
{
"version_value": "1:1.10.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.4.11-2PGDG.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.0r2-10.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-7.el7",
"version_affected": "!"
},
{
"version_value": "0:0.11-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.1-2.1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.71c-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.6.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.6.5-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.10-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-6.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.9.8-4.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.7.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.8-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:4.1.5-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.18.2-5.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.7-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.3.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.25.0-b10.2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.1-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.3-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.4-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.06-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.14-7.el7cf",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -249,16 +69,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1367"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2639",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2639"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429632",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1429632"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639",
"refsource": "MISC",
@ -268,27 +78,6 @@
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",

104
2017/2xxx/CVE-2017-2647.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges."
"value": "The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "n/a"
}
]
}
@ -32,64 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.33.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.84.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.28.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.231.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -143,53 +94,14 @@
"name": "http://www.securityfocus.com/bid/97258"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:3548",
"url": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3548"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:3836",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3836"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2647",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2647"
"name": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353"
},
{
"url": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrey Ryabinin (Virtuozzo) and Igor Redko (Virtuozzo) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

117
2017/2xxx/CVE-2017-2658.json
View File

@ -1,13 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2658",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
@ -15,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.4.2"
}
]
@ -25,78 +51,57 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.4.3"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)."
"url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"
},
{
"url": "http://www.securityfocus.com/bid/97025",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97025"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:2243",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2243"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "2.6/CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "2.9/AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0557",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"
},
{
"name": "RHSA-2018:2243",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2243"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658"
},
{
"name": "97025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97025"
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
}

33
2017/2xxx/CVE-2017-2662.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2017-2662 foreman: Managing repositories with their id via hammer does not respect the role filters"
"value": "A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Missing Authorization",
"value": "CWE-862",
"cweId": "CWE-862"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Foreman Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.9 for RHEL 7",
"product_name": "foreman katello plugin",
"version": {
"version_data": [
{
"version_value": "0:2.3.1.20-1.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "3.4.5"
}
]
}
@ -54,21 +54,6 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2021:1313",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1313"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2662",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2662"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434106",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1434106"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662",
"refsource": "MISC",
@ -81,12 +66,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Brad Buckingham (Red Hat)."
}
],
"impact": {
"cvss": [
{

98
2017/2xxx/CVE-2017-2665.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2665",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rhscon-core",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,39 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
"value": "CWE-522",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "rhscon-core",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "97612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97612"
"url": "http://www.securityfocus.com/bid/97612",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97612"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}

152
2017/2xxx/CVE-2017-2666.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2666",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,84 +15,117 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444"
"value": "CWE-444",
"cweId": "CWE-444"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1411",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1411"
"url": "https://access.redhat.com/errata/RHSA-2017:3454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:1409",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
"url": "https://access.redhat.com/errata/RHSA-2017:3455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666"
"url": "https://access.redhat.com/errata/RHSA-2017:3456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "DSA-3906",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3906"
"url": "https://access.redhat.com/errata/RHSA-2017:3458",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name": "RHSA-2017:1410",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1410"
"url": "https://access.redhat.com/errata/RHSA-2017:1410",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name": "RHSA-2017:1412",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1412"
"url": "https://access.redhat.com/errata/RHSA-2017:1411",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
"url": "https://access.redhat.com/errata/RHSA-2017:1412",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
"url": "http://www.securityfocus.com/bid/98966",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98966"
},
{
"name": "98966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98966"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
"url": "https://www.debian.org/security/2017/dsa-3906",
"refsource": "MISC",
"name": "https://www.debian.org/security/2017/dsa-3906"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
}

297
2017/2xxx/CVE-2017-2667.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the hammer_cli command line client disables SSL/TLS certificate verification by default. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate."
"value": "Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity",
"value": "CWE-345",
"cweId": "CWE-345"
}
]
@ -32,272 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Foreman",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"product_name": "Hammer CLI",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "0.10.0"
}
]
}
@ -325,40 +69,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97153"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2667",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2667"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436262",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1436262"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Tomas Strachota (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
}
}

67
2017/2xxx/CVE-2017-2671.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system."
"value": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
"value": "n/a"
}
]
}
@ -32,42 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.2.1.rt56.585.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -115,16 +88,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97407"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2671",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2671"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893",
"refsource": "MISC",
@ -151,23 +114,5 @@
"name": "https://www.exploit-db.com/exploits/42135/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

37
2017/2xxx/CVE-2017-2673.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"value": "CWE-863",
"cweId": "CWE-863"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"product_name": "openstack-keystone",
"version": {
"version_data": [
{
"version_value": "1:10.0.1-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "1:9.3.0-2.el7ost",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -85,21 +74,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1597"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2673",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2673"
},
{
"url": "https://bugs.launchpad.net/keystone/+bug/1677723",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/keystone/+bug/1677723"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439586",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1439586"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673",
"refsource": "MISC",
@ -107,12 +86,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the Openstack project for reporting this issue. Upstream acknowledges Boris Bobrov (Mail.Ru) as the original reporter."
}
],
"impact": {
"cvss": [
{

91
2017/5xxx/CVE-2017-5525.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5525",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/7"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401",
"refsource": "MISC",
"name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401"
},
{
"name": "95671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95671"
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/19",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/17/19"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401"
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/18/7"
},
{
"name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/19"
"url": "http://www.securityfocus.com/bid/95671",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95671"
}
]
}

85
2017/5xxx/CVE-2017-5526.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5526",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da",
"refsource": "MISC",
"name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da"
},
{
"name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in es1370 device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/8"
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/18/1"
},
{
"name": "95669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95669"
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/18/8"
},
{
"name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in es1370 device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/1"
"url": "http://www.securityfocus.com/bid/95669",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95669"
}
]
}

85
2017/5xxx/CVE-2017-5578.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5578",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b"
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95781"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/23/3"
},
{
"name": "[oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/3"
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/25/2"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/2"
"url": "http://www.securityfocus.com/bid/95781",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95781"
}
]
}

134
2017/5xxx/CVE-2017-5579.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2017-5579 Qemu: serial: host memory leakage 16550A UART emulation"
"value": "Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
"value": "n/a"
}
]
}
@ -32,82 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -155,66 +88,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95780"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-5579",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-5579"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416157",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1416157"
},
{
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Li Qiang (360.cn Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}

91
2017/5xxx/CVE-2017-5580.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5580",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-06"
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html",
"refsource": "MISC",
"name": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
"url": "https://security.gentoo.org/glsa/201707-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201707-06"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa"
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/24/5"
},
{
"name": "95782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95782"
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/25/5"
},
{
"name": "[oss-security] 20170124 CVE request Virglrenderer: OOB access while parsing texture instruction",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/5"
"url": "http://www.securityfocus.com/bid/95782",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95782"
},
{
"name": "[oss-security] 20170125 Re: CVE request Virglrenderer: OOB access while parsing texture instruction",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/5"
"url": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa",
"refsource": "MISC",
"name": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa"
}
]
}

103
2017/5xxx/CVE-2017-5667.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5667",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170130 CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/2"
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9",
"refsource": "MISC",
"name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9"
},
{
"name": "95885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95885"
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/30/2"
},
{
"name": "[oss-security] 20170212 Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/12/1"
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/31/10"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559"
"url": "http://www.openwall.com/lists/oss-security/2017/02/12/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/12/1"
},
{
"name": "[oss-security] 20170131 Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/10"
"url": "http://www.securityfocus.com/bid/95885",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95885"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559"
}
]
}

97
2017/5xxx/CVE-2017-5856.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5856",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170201 CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/19"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "95999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95999"
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3",
"refsource": "MISC",
"name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342"
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/19",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/01/19"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/14",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/02/14"
},
{
"name": "[oss-security] 20170202 Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/14"
"url": "http://www.securityfocus.com/bid/95999",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95999"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342"
}
]
}

91
2017/5xxx/CVE-2017-5857.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5857",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382"
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170202 Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/16"
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798",
"refsource": "MISC",
"name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=5e8e3c4c75c199aa1017db816fca02be2a9f8798",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=5e8e3c4c75c199aa1017db816fca02be2a9f8798"
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/21",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/01/21"
},
{
"name": "95993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95993"
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/16",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/02/16"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://www.securityfocus.com/bid/95993",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95993"
},
{
"name": "[oss-security] 20170201 CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/21"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382"
}
]
}

41
2017/5xxx/CVE-2017-5884.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library."
"value": "gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.7.0-2.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -74,21 +73,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2258"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-5884",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-5884"
},
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778048",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778048"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418944",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418944"
},
{
"url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a",
"refsource": "MISC",
@ -100,23 +89,5 @@
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}

55
2018/10xxx/CVE-2018-10841.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
"value": "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Authentication",
"cweId": "CWE-287"
"value": "CWE-288",
"cweId": "CWE-288"
}
]
}
@ -36,45 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.11.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.11.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.10.el7rhgs",
"version_affected": "!"
"version_affected": "=",
"version_value": "all"
}
]
}
@ -97,16 +64,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1955"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10841",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10841"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582043",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1582043"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841",
"refsource": "MISC",

52
2018/10xxx/CVE-2018-10863.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-10863",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "redhat-certification 7"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594122",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1594122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594122"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1594122"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10863",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10863",
"url": "https://access.redhat.com/security/cve/CVE-2018-10863"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information."
"name": "https://access.redhat.com/security/cve/CVE-2018-10863"
}
]
}

22
2018/10xxx/CVE-2018-10872.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel; no other versions are affected by this CVE."
"value": "A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges",
"value": "CWE-250",
"cweId": "CWE-250"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.2.1.el6",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -69,16 +69,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10872",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10872"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596094"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872",
"refsource": "MISC",

28
2018/10xxx/CVE-2018-10881.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
@ -32,24 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -97,21 +89,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10881",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10881"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200015",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200015"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596828",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596828"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881",
"refsource": "MISC",

22
2018/10xxx/CVE-2018-10882.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in the fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image."
"value": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -99,21 +99,11 @@
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3753-2/"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10882",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10882"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200069",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200069"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596842",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596842"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882",
"refsource": "MISC",

30
2018/10xxx/CVE-2018-10883.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
"value": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
@ -32,24 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -102,16 +94,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10883",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10883"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596846",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596846"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883",
"refsource": "MISC",

32
2018/10xxx/CVE-2018-10892.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness."
"value": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges",
"value": "CWE-250",
"cweId": "CWE-250"
}
]
@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7 Extras",
"product_name": "docker",
"version": {
"version_data": [
{
"version_value": "0:0.9.2-5.git37a2afe.el7_5",
"version_affected": "!"
},
{
"version_value": "2:1.13.1-74.git6e3bb8e.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -78,16 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2729"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10892",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10892"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598581",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1598581"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892",
"refsource": "MISC",
@ -100,12 +86,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Antonio Murdaca (Red Hat)."
}
],
"impact": {
"cvss": [
{

56
2018/10xxx/CVE-2018-10893.json
View File

@ -21,7 +21,16 @@
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound",
"value": "CWE-122",
"cweId": "CWE-122"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190",
"cweId": "CWE-190"
}
]
@ -36,35 +45,12 @@
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "spice-client",
"version": {
"version_data": [
{
"version_value": "0:0.26-8.el6_10.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.3.4-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.35-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.14.0-18.el7",
"version_affected": "!"
},
{
"version_value": "0:5.0-15.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -87,16 +73,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0471"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10893",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10893"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598234",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1598234"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893",
"refsource": "MISC",
@ -109,12 +85,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Frediano Ziglio (Red Hat)."
}
],
"impact": {
"cvss": [
{

67
2018/10xxx/CVE-2018-10902.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"value": "CWE-416",
"cweId": "CWE-416"
}
]
@ -32,57 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.11.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.14.1.el7a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.44.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.46.1.rt56.639.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -135,16 +94,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10902",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10902"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590720",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1590720"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902",
"refsource": "MISC",
@ -202,12 +151,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue."
}
],
"impact": {
"cvss": [
{

98
2018/10xxx/CVE-2018-10921.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10921",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ttembed",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,39 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "ttembed",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/hisdeedsaredust/ttembed/issues/3",
"refsource": "CONFIRM",
"url": "https://github.com/hisdeedsaredust/ttembed/issues/3"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10921",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10921"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10921",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10921"
"url": "https://github.com/hisdeedsaredust/ttembed/issues/3",
"refsource": "MISC",
"name": "https://github.com/hisdeedsaredust/ttembed/issues/3"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
}

98
2018/10xxx/CVE-2018-10922.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10922",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ttembed",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,39 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "ttembed",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10922",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10922"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10922",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10922"
},
{
"name": "https://github.com/hisdeedsaredust/ttembed/issues/2",
"refsource": "CONFIRM",
"url": "https://github.com/hisdeedsaredust/ttembed/issues/2"
"url": "https://github.com/hisdeedsaredust/ttembed/issues/2",
"refsource": "MISC",
"name": "https://github.com/hisdeedsaredust/ttembed/issues/2"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

56
2018/10xxx/CVE-2018-10931.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context."
"value": "It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposed Dangerous Method or Function",
"value": "CWE-749",
"cweId": "CWE-749"
}
]
@ -32,38 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Cobbler Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.6",
"product_name": "cobbler",
"version": {
"version_data": [
{
"version_value": "0:2.0.7-44.1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.7",
"version": {
"version_data": [
{
"version_value": "0:2.0.7-68.1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.8",
"version": {
"version_data": [
{
"version_value": "0:2.0.7-73.el6sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.6.x"
}
]
}
@ -81,16 +59,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2372"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10931",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10931"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613861",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1613861"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931",
"refsource": "MISC",
@ -108,18 +76,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "If SELinux is enabled, it might prevent some locations from accepting uploaded files from the attacker. This prevents some basic attacks allowing remote code execution, although it would not exclude all other possibilities."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Cedric Buissart (Red Hat)."
}
],
"impact": {
"cvss": [
{

44
2018/10xxx/CVE-2018-10932.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "lldptool can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal."
"value": "lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Output Neutralization for Logs",
"value": "CWE-117",
"cweId": "CWE-117"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Intel",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "lldptool",
"version": {
"version_data": [
{
"version_value": "0:1.0.1-5.git036e314.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:1.0.1-13.git036e314.el8",
"version_affected": "!"
"version_affected": "=",
"version_value": "1.0.1 and older"
}
]
}
@ -65,31 +54,16 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHBA-2019:2339",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:2339"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3673",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3673"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10932",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10932"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551623",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1551623"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614896",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1614896"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932",
"refsource": "MISC",
@ -102,12 +76,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Aaron Conole (Red Hat)."
}
],
"impact": {
"cvss": [
{

298
2018/14xxx/CVE-2018-14623.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs."
"value": "A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable."
}
]
},
@ -21,7 +21,16 @@
"description": [
{
"lang": "eng",
"value": "Generation of Error Message Containing Sensitive Information",
"value": "CWE-89",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-209",
"cweId": "CWE-209"
}
]
@ -32,272 +41,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Foreman Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"product_name": "katello",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "3.10 and older"
}
]
}
@ -310,26 +63,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2018:0336",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"url": "http://www.securityfocus.com/bid/106224",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106224"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-14623",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14623"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623",
"refsource": "MISC",
@ -337,12 +75,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Mohamed Tehami for reporting this issue."
}
],
"impact": {
"cvss": [
{

43
2018/14xxx/CVE-2018-14633.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the ISCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability."
"value": "A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"value": "CWE-121",
"cweId": "CWE-121"
}
]
@ -32,31 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Linux Foundation",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.1.3.rt56.913.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.1.3.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.55.1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "4.18.x, 4.14.x, 3.10.x"
}
]
}
@ -109,16 +94,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3666"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-14633",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14633"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626035",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1626035"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633",
"refsource": "MISC",
@ -171,12 +146,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vincent Pelletier for reporting this issue."
}
],
"impact": {
"cvss": [
{

140
2018/14xxx/CVE-2018-14642.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14642",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,74 +15,107 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642"
"url": "https://access.redhat.com/errata/RHSA-2019:0362",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0362"
},
{
"name": "RHSA-2019:0364",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0364"
"url": "https://access.redhat.com/errata/RHSA-2019:0364",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0364"
},
{
"name": "RHSA-2019:0362",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0362"
"url": "https://access.redhat.com/errata/RHSA-2019:0365",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0365"
},
{
"name": "RHSA-2019:0365",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0365"
"url": "https://access.redhat.com/errata/RHSA-2019:0380",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0380"
},
{
"name": "RHSA-2019:0380",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0380"
"url": "https://access.redhat.com/errata/RHSA-2019:1106",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1107",
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
"url": "https://access.redhat.com/errata/RHSA-2019:1107",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1108",
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
"url": "https://access.redhat.com/errata/RHSA-2019:1108",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1106",
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
"url": "https://access.redhat.com/errata/RHSA-2019:1140",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1140",
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}

72
2018/1xxx/CVE-2018-1051.json
View File

@ -1,39 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-18T00:00:00",
"ID": "CVE-2018-1051",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "resteasy",
"version": {
"version_data": [
{
"version_value": "after 3.0.22"
},
{
"version_value": "after 3.1.2"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -48,18 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "resteasy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "after 3.0.22"
},
{
"version_affected": "=",
"version_value": "after 3.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"
}
]
}

49
2018/1xxx/CVE-2018-1063.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing)."
"value": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Ownership Management",
"cweId": "CWE-282"
"value": "CWE-59->CWE-282",
"cweId": "CWE-59"
}
]
}
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "SELinux Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "policycoreutils",
"version": {
"version_data": [
{
"version_value": "0:2.5-22.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.5-11 and newer"
}
]
}
@ -59,46 +59,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0913"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1063",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1063"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Remove any symbolic links from /tmp and /var/tmp directories before relabeling the file system."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Renaud M\u00e9trich (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
}
}

49
2018/1xxx/CVE-2018-1071.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd()"
"value": "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"value": "CWE-121",
"cweId": "CWE-121"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "zsh",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "zsh",
"version": {
"version_data": [
{
"version_value": "0:5.0.2-31.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "5.4.2"
}
]
}
@ -64,16 +64,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1071",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1071"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html",
"refsource": "MISC",
@ -93,30 +83,11 @@
"url": "https://usn.ubuntu.com/3608-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3608-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Richard Maciel Costa (Red Hat)."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531"
}
]
}

58
2018/1xxx/CVE-2018-1092.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic."
"value": "The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "NULL pointer dereference"
}
]
}
@ -32,24 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel through version 4.15"
}
]
}
@ -102,11 +93,6 @@
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4188"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1092",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1092"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199179",
"refsource": "MISC",
@ -117,11 +103,6 @@
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199275"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44",
"refsource": "MISC",
@ -166,30 +147,11 @@
"url": "https://www.debian.org/security/2018/dsa-4187",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4187"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Wen Xu for reporting this issue."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777"
}
]
}

163
2018/1xxx/CVE-2018-1093.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1093",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_value": "Linux kernel through version 4.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,77 +27,101 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Linux kernel through version 4.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3676-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3676-1/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "http://openwall.com/lists/oss-security/2018/03/29/1",
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/03/29/1"
"name": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199181",
"url": "https://usn.ubuntu.com/3752-1/",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199181"
"name": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f",
"url": "https://usn.ubuntu.com/3752-2/",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f"
"name": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560782",
"url": "https://usn.ubuntu.com/3752-3/",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560782"
"name": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "USN-3676-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3676-2/"
"url": "http://openwall.com/lists/oss-security/2018/03/29/1",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2018/03/29/1"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199181",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199181"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"url": "https://usn.ubuntu.com/3676-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3676-1/"
},
{
"url": "https://usn.ubuntu.com/3676-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3676-2/"
},
{
"url": "https://www.debian.org/security/2018/dsa-4188",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4188"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560782",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560782"
}
]
}

262
2018/1xxx/CVE-2018-1102.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
@ -32,228 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "atomic-openshift",
"version": {
"version_data": [
{
"version_value": "0:3.2.1.34-2.git.3.aad33c3.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.1.46.39-2.git.3.cc57f5b.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.4",
"version": {
"version_data": [
{
"version_value": "0:3.4.1.44.53-1.git.0.d7eb028.el7",
"version_affected": "!"
},
{
"version_value": "0:3.4.168-1.git.0.bb73aad.el7",
"version_affected": "!"
},
{
"version_value": "0:0.12.14-9.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.5",
"version": {
"version_data": [
{
"version_value": "0:3.5.5.31.67-1.git.0.0a8cf24.el7",
"version_affected": "!"
},
{
"version_value": "0:3.5.165-1.git.0.475fa67.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.6",
"version": {
"version_data": [
{
"version_value": "0:3.6.173.0.113-1.git.0.65fb9fb.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.60.0-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.13.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.9.23-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.10.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.13.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.5-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2018.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.5-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.7",
"version": {
"version_data": [
{
"version_value": "0:1.0.6-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.7.44-1.git.0.6b061d4.el7",
"version_affected": "!"
},
{
"version_value": "0:1.14.0-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.8",
"version": {
"version_data": [
{
"version_value": "0:3.8.37-1.git.0.e85a326.el7",
"version_affected": "!"
},
{
"version_value": "0:3.8.37-1.git.224.8e15ecf.el7",
"version_affected": "!"
},
{
"version_value": "0:3.8.37-1.git.0.be319af.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.9",
"version": {
"version_data": [
{
"version_value": "0:3.9.25-1.git.0.6bc473e.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.1.11-4.git.3.12809c8.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "as shipped with Openshift Enterprise 3.x"
}
]
}
@ -316,51 +104,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1102",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/3422241",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/3422241"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

201
2018/1xxx/CVE-2018-1111.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol."
"value": "DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"value": "CWE-77",
"cweId": "CWE-77"
}
]
@ -36,160 +36,34 @@
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "dhcp",
"version": {
"version_data": [
{
"version_value": "12:4.1.1-53.P1.el6_9.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.1.1-34.P1.el6_4.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.1.1-38.P1.el6_5.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.1.1-43.P1.el6_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.1.1-43.P1.el6_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.1.1-49.P1.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "12:4.2.5-68.el7_5.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.2.5-42.el7_2.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.2.5-42.el7_2.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "12:4.2.5-42.el7_2.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.2.5-47.el7_3.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "12:4.2.5-58.el7_4.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.16-0.1.el7ev",
"version_affected": "!"
"version_affected": "=",
"version_value": "Red Hat Enterprise Linux 6"
},
{
"version_value": "0:4.2.0-0.20170814.0.el7",
"version_affected": "!"
},
"version_affected": "=",
"version_value": "Red Hat Enterprise Linux 7"
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "dhcp",
"version": {
"version_data": [
{
"version_value": "0:4.2-3.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20180508.0",
"version_affected": "!"
},
{
"version_value": "0:4.2-20180504.0",
"version_affected": "!"
"version_affected": "=",
"version_value": "Fedora 28"
}
]
}
@ -262,26 +136,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1524"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:1525",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1525"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1111",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1111"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/3442151",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/3442151"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567974",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1567974"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111",
"refsource": "MISC",
@ -324,18 +183,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "Please access https://access.redhat.com/security/vulnerabilities/3442151 for information on how to mitigate this issue."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue."
}
],
"impact": {
"cvss": [
{

130
2018/1xxx/CVE-2018-1121.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1121",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "procps-ng, procps",
"version": {
"version_data": [
{
"version_value": "up to procps-ng 3.3.15 and newer"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,54 +15,87 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367"
"value": "CWE-367",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "procps-ng, procps",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to procps-ng 3.3.15 and newer"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "44806",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121"
},
{
"name": "104214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "http://seclists.org/oss-sec/2018/q2/122",
"refsource": "MISC",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
"name": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"url": "http://www.securityfocus.com/bid/104214",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/104214"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121"
},
{
"url": "https://www.exploit-db.com/exploits/44806/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44806/"
},
{
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"refsource": "MISC",
"name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
]
}

110
2018/1xxx/CVE-2018-1132.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1132",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "opendaylight",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,49 +15,82 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89"
"value": "CWE-89",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "opendaylight",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "44747",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44747/"
"url": "http://www.securityfocus.com/bid/104238",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/104238"
},
{
"name": "104238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104238"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132"
},
{
"name": "https://jira.opendaylight.org/browse/SDNINTRFAC-14",
"refsource": "CONFIRM",
"url": "https://jira.opendaylight.org/browse/SDNINTRFAC-14"
"url": "https://jira.opendaylight.org/browse/SDNINTRFAC-14",
"refsource": "MISC",
"name": "https://jira.opendaylight.org/browse/SDNINTRFAC-14"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132"
"url": "https://www.exploit-db.com/exploits/44747/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44747/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
}