"-Synchronized-Data."
parent
0867674ce5
commit
22200a76fa
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2008-2927",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955."
|
||||
"value": "CVE-2008-2927 pidgin MSN integer overflow"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,168 +21,250 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Integer Overflow or Wraparound",
|
||||
"cweId": "CWE-190"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.5.1-2.el3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.5.1-2.el4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.3.1-2.el5_2",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "USN-675-2",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-675-2"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20080703 Re: Re: CVE Request (pidgin)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/07/04/1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0584",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html"
|
||||
},
|
||||
{
|
||||
"name": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c"
|
||||
},
|
||||
{
|
||||
"name": "32861",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32861"
|
||||
},
|
||||
{
|
||||
"name": "1020451",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1020451"
|
||||
},
|
||||
{
|
||||
"name": "30971",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30971"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11695",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695"
|
||||
},
|
||||
{
|
||||
"name": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c"
|
||||
},
|
||||
{
|
||||
"name": "29956",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/29956"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2008:143",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:17972",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972"
|
||||
},
|
||||
{
|
||||
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
|
||||
},
|
||||
{
|
||||
"name": "https://issues.rpath.com/browse/RPL-2647",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://issues.rpath.com/browse/RPL-2647"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2009:127",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20080704 Re: Re: CVE Request (pidgin)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/07/03/6"
|
||||
},
|
||||
{
|
||||
"name": "31105",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31105"
|
||||
},
|
||||
{
|
||||
"name": "http://www.pidgin.im/news/security/?id=25",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.pidgin.im/news/security/?id=25"
|
||||
},
|
||||
{
|
||||
"name": "USN-675-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-675-1"
|
||||
},
|
||||
{
|
||||
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-054",
|
||||
"url": "http://secunia.com/advisories/32859",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054"
|
||||
"name": "http://secunia.com/advisories/32859"
|
||||
},
|
||||
{
|
||||
"name": "31642",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31642"
|
||||
"url": "http://www.ubuntu.com/usn/USN-675-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-675-1"
|
||||
},
|
||||
{
|
||||
"name": "32859",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32859"
|
||||
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c",
|
||||
"refsource": "MISC",
|
||||
"name": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c"
|
||||
},
|
||||
{
|
||||
"name": "31387",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31387"
|
||||
"url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c",
|
||||
"refsource": "MISC",
|
||||
"name": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1610",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1610"
|
||||
"url": "http://secunia.com/advisories/30971",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/30971"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=453764",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764"
|
||||
"url": "http://secunia.com/advisories/31016",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31016"
|
||||
},
|
||||
{
|
||||
"name": "31016",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31016"
|
||||
"url": "http://secunia.com/advisories/31105",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31105"
|
||||
},
|
||||
{
|
||||
"name": "20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded"
|
||||
"url": "http://secunia.com/advisories/31387",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31387"
|
||||
},
|
||||
{
|
||||
"name": "adium-msnprotocol-code-execution(44774)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774"
|
||||
"url": "http://secunia.com/advisories/31642",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31642"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2032",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2032/references"
|
||||
"url": "http://secunia.com/advisories/32861",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32861"
|
||||
},
|
||||
{
|
||||
"name": "20080625 Pidgin 2.4.1 Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/493682"
|
||||
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246",
|
||||
"refsource": "MISC",
|
||||
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
|
||||
},
|
||||
{
|
||||
"name": "20080806 rPSA-2008-0246-1 gaim",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
|
||||
"url": "http://www.debian.org/security/2008/dsa-1610",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2008/dsa-1610"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/07/03/6",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2008/07/03/6"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/07/04/1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2008/07/04/1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.pidgin.im/news/security/?id=25",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.pidgin.im/news/security/?id=25"
|
||||
},
|
||||
{
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2008-0584.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/archive/1/493682",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/493682"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/495818/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/29956",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/29956"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securitytracker.com/id?1020451",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id?1020451"
|
||||
},
|
||||
{
|
||||
"url": "http://www.ubuntu.com/usn/USN-675-2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-675-2"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2032/references",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2008/2032/references"
|
||||
},
|
||||
{
|
||||
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-054"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2008:0584",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2008:0584"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2008-2927",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2008-2927"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=453764"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.rpath.com/browse/RPL-2647",
|
||||
"refsource": "MISC",
|
||||
"name": "https://issues.rpath.com/browse/RPL-2647"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
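Review bot: The `description_data` hunk appears to replace the full vulnerability text with the bare title `CVE-2008-2927 pidgin MSN integer overflow` (inferred from the 40→17 line counts, since the page has lost its +/- markers), which drops the fixed versions (Pidgin before 2.4.3, Adium before 1.3), the affected function and the distinction from CVE-2008-2955. The added `affects` block lists only Red Hat package builds marked `"version_affected": "!"`, so nothing left in the record names the upstream affected versions. The reference entries written url-first all carry `"refsource": "MISC"` with the URL repeated as `name`, so advisory identifiers such as `RHSA-2008:0584` and `DSA-1610` and the CONFIRM/vendor typing are no longer machine-readable for tooling that matches on them. The same description replacement shows in the CVE-2008-2956, CVE-2008-3276 and CVE-2008-3432 records further down the page. I would keep the original `value` sentence in `description_data` and preserve the typed `refsource`/`name` pairs alongside the new entries.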
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2008-2956",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** DISPUTED ** Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: \"I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details.\""
|
||||
"value": "CVE-2008-2956 pidgin: memory leak in XML parser"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,48 +21,108 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Missing Release of Memory after Effective Lifetime",
|
||||
"cweId": "CWE-401"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "29985",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/29985"
|
||||
},
|
||||
{
|
||||
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
|
||||
},
|
||||
{
|
||||
"name": "https://issues.rpath.com/browse/RPL-2647",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://issues.rpath.com/browse/RPL-2647"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20080627 CVE Request (pidgin)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/06/27/3"
|
||||
},
|
||||
{
|
||||
"name": "31387",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31387"
|
||||
},
|
||||
{
|
||||
"name": "http://crisp.cs.du.edu/?q=ca2007-1",
|
||||
"url": "http://www.securityfocus.com/bid/29985",
|
||||
"refsource": "MISC",
|
||||
"url": "http://crisp.cs.du.edu/?q=ca2007-1"
|
||||
"name": "http://www.securityfocus.com/bid/29985"
|
||||
},
|
||||
{
|
||||
"name": "20080806 rPSA-2008-0246-1 gaim",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
|
||||
"url": "http://crisp.cs.du.edu/?q=ca2007-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://crisp.cs.du.edu/?q=ca2007-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/06/27/3",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2008/06/27/3"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/31387",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31387"
|
||||
},
|
||||
{
|
||||
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246",
|
||||
"refsource": "MISC",
|
||||
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.rpath.com/browse/RPL-2647",
|
||||
"refsource": "MISC",
|
||||
"name": "https://issues.rpath.com/browse/RPL-2647"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2008-2956",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2008-2956"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=453739",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=453739"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
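Review bot: The `** DISPUTED **` marker and the upstream vendor's statement exist only in the long `value` line of `description_data`; if the short title `CVE-2008-2956 pidgin: memory leak in XML parser` is the new side (the hunk header's 40→17 line counts suggest so), the record no longer tells consumers that the finding is contested. The second hunk also adds `"cweId": "CWE-401"` and a CVSS v2 block with `"baseScore": 4.3`, so triage tooling reading this record alone would treat it as a confirmed remote denial of service. Keep the dispute in the description text by retaining the original sentence that begins `** DISPUTED ** Memory leak in Pidgin 2.0.0`.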
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2008-3276",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field."
|
||||
"value": "CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,118 +21,169 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Integer Overflow or Wraparound",
|
||||
"cweId": "CWE-190"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "MRG for RHEL-5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.24.7-81.el5rt",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-92.1.18.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "32485",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32485"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459226",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459226"
|
||||
"url": "http://secunia.com/advisories/31836",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31836"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11506",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11506"
|
||||
"url": "http://secunia.com/advisories/31881",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31881"
|
||||
},
|
||||
{
|
||||
"name": "32190",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32190"
|
||||
"url": "http://secunia.com/advisories/32190",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32190"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20080815 CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/08/15/3"
|
||||
"url": "http://secunia.com/advisories/32370",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32370"
|
||||
},
|
||||
{
|
||||
"name": "32393",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32393"
|
||||
"url": "http://www.debian.org/security/2008/dsa-1636",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2008/dsa-1636"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1636",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1636"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
|
||||
},
|
||||
{
|
||||
"name": "32237",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32237"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2008:0857",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2008:0857"
|
||||
},
|
||||
{
|
||||
"name": "30704",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/30704"
|
||||
"url": "http://secunia.com/advisories/32237",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32237"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0957",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
|
||||
"url": "http://secunia.com/advisories/32485",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32485"
|
||||
},
|
||||
{
|
||||
"name": "31509",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31509"
|
||||
"url": "http://www.debian.org/security/2008/dsa-1653",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2008/dsa-1653"
|
||||
},
|
||||
{
|
||||
"name": "31881",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31881"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2008:052",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2008:0957",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2008:0957"
|
||||
},
|
||||
{
|
||||
"name": "USN-659-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/usn-659-1"
|
||||
"url": "http://secunia.com/advisories/32393",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32393"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2406",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2406"
|
||||
"url": "http://www.ubuntu.com/usn/usn-659-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/usn-659-1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0857",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=3e8a0a559c66ee9e7468195691a56fefc3589740",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=3e8a0a559c66ee9e7468195691a56fefc3589740"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1653",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1653"
|
||||
"url": "http://secunia.com/advisories/31509",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/31509"
|
||||
},
|
||||
{
|
||||
"name": "1020705",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1020705"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/08/15/3",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2008/08/15/3"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=3e8a0a559c66ee9e7468195691a56fefc3589740",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=3e8a0a559c66ee9e7468195691a56fefc3589740"
|
||||
"url": "http://www.securityfocus.com/bid/30704",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/30704"
|
||||
},
|
||||
{
|
||||
"name": "32370",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32370"
|
||||
"url": "http://www.securitytracker.com/id?1020705",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id?1020705"
|
||||
},
|
||||
{
|
||||
"name": "31836",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31836"
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2406",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2008/2406"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2008-3276",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2008-3276"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459226",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459226"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11506",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11506"
|
||||
}
|
||||
]
|
||||
}
|
||||
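Review bot: The kernel fix reference written url-first has its gitweb separators percent-encoded (`git%3Ba=commit%3Bh=`), whereas the name-first entry for the same commit carries the literal `;a=commit;h=`. Assuming the url-first entry is the new side, the `a=` and `h=` arguments are folded into the `p=` value and the link probably no longer resolves to the commit. It is the only upstream-commit reference visible in this record, so anyone verifying the patch from the record loses the pointer to the fix. Keep the literal form: `"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=3e8a0a559c66ee9e7468195691a56fefc3589740"`.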
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2008-3432",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case."
|
||||
"value": "CVE-2008-3432 vim: heap buffer overflow in mch_expand_wildcards()"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,123 +21,169 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Heap-based Buffer Overflow",
|
||||
"cweId": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:6.3.046-0.30E.11",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:6.3.046-1.el4_7.5z",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
|
||||
"url": "http://secunia.com/advisories/32222",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32222"
|
||||
},
|
||||
{
|
||||
"name": "31681",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31681"
|
||||
"url": "http://support.apple.com/kb/HT3216",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT3216"
|
||||
},
|
||||
{
|
||||
"name": "32858",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32858"
|
||||
"url": "http://www.securityfocus.com/bid/31681",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/31681"
|
||||
},
|
||||
{
|
||||
"name": "33410",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/33410"
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2780",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2008/2780"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
|
||||
"url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429",
|
||||
"refsource": "MISC",
|
||||
"name": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"
|
||||
},
|
||||
{
|
||||
"name": "ftp://ftp.vim.org/pub/vim/patches/6.2.429",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "ftp://ftp.vim.org/pub/vim/patches/6.2.429"
|
||||
"url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059",
|
||||
"refsource": "MISC",
|
||||
"name": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"
|
||||
},
|
||||
{
|
||||
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
|
||||
"url": "http://secunia.com/advisories/32858",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32858"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-0904",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/0904"
|
||||
"url": "http://secunia.com/advisories/33410",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/33410"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-0033",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/0033"
|
||||
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11203",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/4",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2008/07/15/4"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:5987",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2008/08/01/1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2008/08/01/1"
|
||||
},
|
||||
{
|
||||
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
|
||||
},
|
||||
{
|
||||
"name": "32222",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32222"
|
||||
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "vim-mchexpandwildcards-bo(44722)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"
|
||||
"url": "http://www.securityfocus.com/bid/30648",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/30648"
|
||||
},
|
||||
{
|
||||
"name": "30648",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/30648"
|
||||
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2780",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2780"
|
||||
"url": "http://www.vupen.com/english/advisories/2009/0033",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/0033"
|
||||
},
|
||||
{
|
||||
"name": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059"
|
||||
"url": "http://www.vupen.com/english/advisories/2009/0904",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/0904"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=455455",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2008:0617",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2008:0617"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2008-10-09",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2008-3432",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2008-3432"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT3216",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT3216"
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=455455",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=455455"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0617",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44722"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987"
|
||||
}
|
||||
]
|
||||
}
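Review bot: The replacement `description` value on the new side, `"CVE-2008-3432 vim: heap buffer overflow in mch_expand_wildcards()"`, is a tracker-style title and drops what the removed text stated: the affected Vim releases (6.2 and 6.3), the user-assisted vector through shell metacharacters in filenames, and the code-execution impact. The new `affects` block does not compensate, since it lists only Red Hat Enterprise Linux 3 and 4 package builds marked `"version_affected": "!"`, so a scanner or triage rule reading this record no longer sees any upstream affected version. I would keep the removed sentence as the `value` rather than replace it with the title. The same title-for-description swap appears in the CVE-2009-2908, CVE-2009-2909 and CVE-2009-3546 sections below, and in all of them every `refsource` becomes `"MISC"` with `name` set to the URL, which removes the `CONFIRM`/`REDHAT`/`MLIST` tags that let a consumer separate vendor confirmation from third-party references.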
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2009-2908",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a \"negative dentry\" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount."
|
||||
"value": "CVE-2009-2908 kernel ecryptfs NULL pointer dereference"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,98 +21,158 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "NULL Pointer Dereference",
|
||||
"cweId": "CWE-476"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-164.6.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "USN-852-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-852-1"
|
||||
},
|
||||
{
|
||||
"name": "38794",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/38794"
|
||||
},
|
||||
{
|
||||
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
|
||||
},
|
||||
{
|
||||
"name": "kernel-ecryptfs-dos(53693)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53693"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:10216",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10216"
|
||||
},
|
||||
{
|
||||
"name": "37075",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37075"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=afc2b6932f48f200736d3e36ad66fee0ec733136",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=afc2b6932f48f200736d3e36ad66fee0ec733136"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=527534",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=527534"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.launchpad.net/ecryptfs/+bug/387073",
|
||||
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugs.launchpad.net/ecryptfs/+bug/387073"
|
||||
"name": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2009:1548",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
|
||||
"url": "http://secunia.com/advisories/38794",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/38794"
|
||||
},
|
||||
{
|
||||
"name": "38834",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/38834"
|
||||
"url": "http://secunia.com/advisories/38834",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/38834"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2009-10525",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/0528",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/0528"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:6992",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6992"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2009:1548",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2009:1548"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091006 Kernel ecryptfs CVE id (CVE-2009-2908)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/10/06/1"
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
|
||||
},
|
||||
{
|
||||
"name": "36639",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/36639"
|
||||
"url": "http://secunia.com/advisories/37105",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37105"
|
||||
},
|
||||
{
|
||||
"name": "37105",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37105"
|
||||
"url": "http://www.ubuntu.com/usn/USN-852-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-852-1"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-0528",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/0528"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git%3Ba=commit%3Bh=afc2b6932f48f200736d3e36ad66fee0ec733136",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git%3Ba=commit%3Bh=afc2b6932f48f200736d3e36ad66fee0ec733136"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/37075",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37075"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/10/06/1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2009/10/06/1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/36639",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/36639"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2009-2908",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2009-2908"
|
||||
},
|
||||
{
|
||||
"url": "https://bugs.launchpad.net/ecryptfs/+bug/387073",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugs.launchpad.net/ecryptfs/+bug/387073"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=527534",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=527534"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53693",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53693"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10216",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10216"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6992",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6992"
|
||||
},
|
||||
{
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
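Review bot: The git.kernel.org reference is rewritten with its semicolons percent-encoded (`...linux-2.6.31.y.git%3Ba=commit%3Bh=afc2b6932f48f200736d3e36ad66fee0ec733136`), where the removed entry used literal `;` between `p=`, `a=` and `h=`. In that URL the semicolons look like query-parameter separators, so encoding them probably folds the whole string into one `p` value and the link to the fix commit may stop resolving. I would keep the literal form in both `url` and `name`: `"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=afc2b6932f48f200736d3e36ad66fee0ec733136"`. The CVE-2009-2909 section has the same encoding on its `net-2.6.git` commit link. Separately, `"temporalScore": 0` and `"environmentalScore": 0` sit next to metrics that are all `NOT_DEFINED`; leaving the scores out would be less likely to be read as a real zero.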
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2009-2909",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation."
|
||||
"value": "CVE-2009-2909 kernel: ax25 stack overflow"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,128 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Stack-based Buffer Overflow",
|
||||
"cweId": "CWE-121"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=528887",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=528887"
|
||||
"url": "http://www.ubuntu.com/usn/usn-864-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/usn-864-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-864-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/usn-864-1"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "37351",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37351"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
|
||||
},
|
||||
{
|
||||
"name": "37075",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37075"
|
||||
"url": "http://secunia.com/advisories/37351",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37351"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091007 More kernel CVE info (CVE-2009-2909)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://marc.info/?l=oss-security&m=125494119617994&w=2"
|
||||
"url": "http://secunia.com/advisories/37075",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37075"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2009:056",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html"
|
||||
},
|
||||
{
|
||||
"name": "[linux-kernel] 20091002 [071/136] net ax25: Fix signed comparison in the sockopt handler",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://article.gmane.org/gmane.linux.kernel/896907"
|
||||
"url": "http://article.gmane.org/gmane.linux.kernel/896907",
|
||||
"refsource": "MISC",
|
||||
"name": "http://article.gmane.org/gmane.linux.kernel/896907"
|
||||
},
|
||||
{
|
||||
"name": "36635",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/36635"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=b7058842c940ad2c08dd829b21e5c92ebe3b8758",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=b7058842c940ad2c08dd829b21e5c92ebe3b8758"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2009-10525",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html"
|
||||
"url": "http://marc.info/?l=oss-security&m=125494119617994&w=2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://marc.info/?l=oss-security&m=125494119617994&w=2"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2"
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=b7058842c940ad2c08dd829b21e5c92ebe3b8758",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=b7058842c940ad2c08dd829b21e5c92ebe3b8758"
|
||||
"url": "http://www.securityfocus.com/bid/36635",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/36635"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2009:054",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2009-2909",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2009-2909"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=528887",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=528887"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
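Review bot: The new record classifies this as `"Stack-based Buffer Overflow"` / `CWE-121` with `AV:L/AC:L/Au:N/C:C/I:C/A:C` (7.2), while the description it removes called it an integer signedness error in `ax25_setsockopt` leading to a denial of service (OOPS); the two disagree on both weakness class and impact, and nothing in the record explains the difference. The rebuilt `affects` block is also empty in practice: `vendor_name` and `product_name` are `"n/a"` and the only version entry is `"version_value": "n/a"` with `"version_affected": "="`, so the "before 2.6.31.2" boundary from the removed text is gone. I would keep the removed description sentence as `value` and carry the boundary into `version_data`, for example `"version_value": "2.6.31.2"` with `"version_affected": "<"` under a `"product_name": "Linux kernel"` entry.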
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2009-3546",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information."
|
||||
"value": "CVE-2009-3546 gd: insufficient input validation in _gdGetColors()"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,173 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Input Validation",
|
||||
"cweId": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:4.3.2-54.ent",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.0.28-5.4E.el4_8.1",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.3.9-3.29",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.0.33-9.4.el5_4.2",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.1.6-24.el5_4.5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MDVSA-2009:285",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285"
|
||||
"url": "http://marc.info/?l=oss-security&m=125562113503923&w=2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://marc.info/?l=oss-security&m=125562113503923&w=2"
|
||||
},
|
||||
{
|
||||
"name": "37069",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37069"
|
||||
"url": "http://secunia.com/advisories/37069",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37069"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0003",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0003.html"
|
||||
"url": "http://secunia.com/advisories/37080",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37080"
|
||||
},
|
||||
{
|
||||
"name": "37080",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37080"
|
||||
"url": "http://secunia.com/advisories/38055",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/38055"
|
||||
},
|
||||
{
|
||||
"name": "36712",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/36712"
|
||||
"url": "http://svn.php.net/viewvc?view=revision&revision=289557",
|
||||
"refsource": "MISC",
|
||||
"name": "http://svn.php.net/viewvc?view=revision&revision=289557"
|
||||
},
|
||||
{
|
||||
"name": "38055",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/38055"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-2929",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/2929"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/5",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091015 Re: CVE Request -- PHP 5 - 5.2.11",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://marc.info/?l=oss-security&m=125562113503923&w=2"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0003.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2010-0003.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11199",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199"
|
||||
"url": "http://www.securityfocus.com/bid/36712",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/36712"
|
||||
},
|
||||
{
|
||||
"name": "http://svn.php.net/viewvc?view=revision&revision=289557",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.php.net/viewvc?view=revision&revision=289557"
|
||||
"url": "http://www.vupen.com/english/advisories/2009/2929",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/2929"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
|
||||
"url": "http://www.vupen.com/english/advisories/2009/2930",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/2930"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-2930",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/2930"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0003",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0003"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0040",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0040"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2009-3546",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2009-3546"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=529213",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=529213"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.4,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
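Review bot: The added CVSS block scores this with `"accessVector": "LOCAL"` (`AV:L/AC:M/Au:N/C:P/I:P/A:P`, 4.4), but the description being removed says remote attackers can reach `_gdGetColors` through a crafted GD file, and the new title no longer says either way. A consumer that filters on the vector would treat this as local-only, which understates exposure wherever an application hands externally supplied image data to GD or PHP. The score presumably reflects the assigner's own packaging context; I would keep the removed description text as `value` so the remote, file-driven vector stays visible next to the score. The new `affects` list also names only Red Hat Enterprise Linux 3, 4 and 5 builds marked `"version_affected": "!"`, so the PHP 5.2.11 / 5.3.x before 5.3.1 and GD 2.x ranges from the removed text are no longer recorded.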
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2009-3550",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information."
|
||||
"value": "CVE-2009-3550 Wireshark: NULL pointer dereference in the DCERPC over SMB packet disassembly"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,78 +21,165 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "NULL Pointer Dereference",
|
||||
"cweId": "CWE-476"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.0.11-EL3.6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.0.11-1.el4_8.5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.0.11-1.el5_5.5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "36846",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/36846"
|
||||
"url": "http://secunia.com/advisories/37175",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37175"
|
||||
},
|
||||
{
|
||||
"name": "37477",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37477"
|
||||
"url": "http://secunia.com/advisories/37409",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37409"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-3061",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/3061"
|
||||
"url": "http://www.securityfocus.com/bid/36846",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/36846"
|
||||
},
|
||||
{
|
||||
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html"
|
||||
"url": "http://www.vupen.com/english/advisories/2009/3061",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/3061"
|
||||
},
|
||||
{
|
||||
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html"
|
||||
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html"
|
||||
},
|
||||
{
|
||||
"name": "wireshark-dcerpcnt-dos(54017)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54017"
|
||||
"url": "http://www.wireshark.org/security/wnpa-sec-2009-07.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.wireshark.org/security/wnpa-sec-2009-07.html"
|
||||
},
|
||||
{
|
||||
"name": "37409",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37409"
|
||||
"url": "http://secunia.com/advisories/37477",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37477"
|
||||
},
|
||||
{
|
||||
"name": "http://www.wireshark.org/security/wnpa-sec-2009-07.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.wireshark.org/security/wnpa-sec-2009-07.html"
|
||||
"url": "http://www.debian.org/security/2009/dsa-1942",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2009/dsa-1942"
|
||||
},
|
||||
{
|
||||
"name": "http://www.wireshark.org/security/wnpa-sec-2009-08.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.wireshark.org/security/wnpa-sec-2009-08.html"
|
||||
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:6005",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6005"
|
||||
"url": "http://www.wireshark.org/security/wnpa-sec-2009-08.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.wireshark.org/security/wnpa-sec-2009-08.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:10103",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10103"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0360",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0360"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1942",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2009/dsa-1942"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2009-3550",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2009-3550"
|
||||
},
|
||||
{
|
||||
"name": "37175",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37175"
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531260",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=531260"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54017",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54017"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10103",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10103"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6005",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6005"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 2.9,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
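Review bot: The second `description` value in this record, `CVE-2009-3550 Wireshark: NULL pointer dereference in the DCERPC over SMB packet disassembly`, reads as a tracker title. If it is the new side (the +/- markers are lost on this page), it drops the affected Wireshark ranges 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 and the malformed-trace-file trigger that the longer text states. The added `affects` entries carry only Red Hat package builds marked `"version_affected": "!"`, which in the CVE JSON 4.0 format denotes versions that are not affected, so nothing machine-readable names a vulnerable upstream version any more. I would keep the full sentence as the description and carry the short form in `CVE_data_meta` as `"TITLE"`. The CVE-2009-3551, CVE-2009-3556 and CVE-2010-2492 records on this page show the same replacement.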
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2009-3551",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information."
|
||||
"value": "CVE-2009-3551 Wireshark: Off-by-one error in the Samba dissector"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,53 +21,113 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Off-by-one Error",
|
||||
"cweId": "CWE-193"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "36846",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/36846"
|
||||
"url": "http://secunia.com/advisories/37175",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37175"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:6049",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6049"
|
||||
"url": "http://secunia.com/advisories/37409",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/37409"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-3061",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/3061"
|
||||
"url": "http://www.securityfocus.com/bid/36846",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/36846"
|
||||
},
|
||||
{
|
||||
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html"
|
||||
"url": "http://www.vupen.com/english/advisories/2009/3061",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/3061"
|
||||
},
|
||||
{
|
||||
"name": "wireshark-negprotresponse-dos(54018)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54018"
|
||||
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html"
|
||||
},
|
||||
{
|
||||
"name": "37409",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37409"
|
||||
"url": "http://www.wireshark.org/security/wnpa-sec-2009-07.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.wireshark.org/security/wnpa-sec-2009-07.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.wireshark.org/security/wnpa-sec-2009-07.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.wireshark.org/security/wnpa-sec-2009-07.html"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2009-3551",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2009-3551"
|
||||
},
|
||||
{
|
||||
"name": "37175",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/37175"
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531265",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=531265"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54018",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54018"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6049",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6049"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
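Review bot: The short description `CVE-2009-3551 Wireshark: Off-by-one error in the Samba dissector` names the wrong component. The longer text in the same hunk places the bug in `dissect_negprot_response` in packet-smb.c, which is Wireshark's SMB dissector, and Samba is a separate product. With `product_name` and `vendor_name` left at `n/a` in the `affects` block, the description is the only place a reader or a keyword search can identify the product. I would word it `"value": "CVE-2009-3551 Wireshark: Off-by-one error in the SMB dissector"` or retain the full sentence.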
|
File diff suppressed because it is too large
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2009-3556",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files."
|
||||
"value": "CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,58 +21,118 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Incorrect Permission Assignment for Critical Resource",
|
||||
"cweId": "CWE-732"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-164.11.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "[oss-security] 20100120 CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2010/01/20/2"
|
||||
"url": "http://support.avaya.com/css/P8/documents/100073666",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.avaya.com/css/P8/documents/100073666"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=537177",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=537177"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0046",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0046"
|
||||
},
|
||||
{
|
||||
"name": "http://support.avaya.com/css/P8/documents/100073666",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.avaya.com/css/P8/documents/100073666"
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:9738",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9738"
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
|
||||
},
|
||||
{
|
||||
"name": "kernel-qla2xxx-security-bypass(55809)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55809"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2010:019",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2010/01/20/2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2010/01/20/2"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:6744",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6744"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2009-3556",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2009-3556"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0095",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=537177",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=537177"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0046",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55809",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55809"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6744",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6744"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9738",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9738"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 3.6,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
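Review bot: Every reference that appears to be on the new side is typed `"refsource": "MISC"` with the URL repeated as `name`. The identifiers `RHSA-2010:0046`, `RHSA-2010:0095` and `SUSE-SA:2010:019` and the `CONFIRM`/`REDHAT`/`SUSE`/`MLIST` typing therefore no longer appear as fields in the record. Triage tooling that selects vendor confirmations or advisory ids by `refsource` or `name` will stop matching this CVE. I would keep the typed form for these entries, for example `"name": "RHSA-2010:0046", "refsource": "REDHAT"`. The other records in this commit are flattened the same way.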
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2010-2492",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors."
|
||||
"value": "CVE-2010-2492 kernel: ecryptfs_uid_hash() buffer overflow"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,149 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-194.17.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-71.14.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2010:0723",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
|
||||
},
|
||||
{
|
||||
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
|
||||
},
|
||||
{
|
||||
"name": "46397",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/46397"
|
||||
"url": "http://secunia.com/advisories/42890",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/42890"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2010:198",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:0007",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0007",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0007"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=611385",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=611385"
|
||||
"url": "http://secunia.com/advisories/46397",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/46397"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
|
||||
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a6f80fb7b5986fda663d94079d3bba0937a6b6ff",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a6f80fb7b5986fda663d94079d3bba0937a6b6ff"
|
||||
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
|
||||
},
|
||||
{
|
||||
"name": "http://support.avaya.com/css/P8/documents/100113326",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.avaya.com/css/P8/documents/100113326"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff"
|
||||
},
|
||||
{
|
||||
"name": "42890",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42890"
|
||||
"url": "http://support.avaya.com/css/P8/documents/100113326",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.avaya.com/css/P8/documents/100113326"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2010:172",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0723",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0723"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2010-2492",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2010-2492"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=611385",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=611385"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2010-2544",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
|
||||
"value": "CVE-2010-2544 cacti: XSS in utilities.php log file viewer search pattern"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,133 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025"
|
||||
"url": "http://cacti.net/release_notes_0_8_7g.php",
|
||||
"refsource": "MISC",
|
||||
"name": "http://cacti.net/release_notes_0_8_7g.php"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2010:160",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
|
||||
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
|
||||
},
|
||||
{
|
||||
"name": "42575",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/42575"
|
||||
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
|
||||
},
|
||||
{
|
||||
"name": "41041",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/41041"
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6025",
|
||||
"refsource": "MISC",
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6025"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0635",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
|
||||
"url": "http://secunia.com/advisories/41041",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/41041"
|
||||
},
|
||||
{
|
||||
"name": "http://cacti.net/release_notes_0_8_7g.php",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://cacti.net/release_notes_0_8_7g.php"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2132",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/2132"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0635",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0635"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459105",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459105"
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2132",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2132"
|
||||
"url": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025",
|
||||
"refsource": "MISC",
|
||||
"name": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025"
|
||||
},
|
||||
{
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6025",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6025"
|
||||
"url": "http://www.securityfocus.com/bid/42575",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/42575"
|
||||
},
|
||||
{
|
||||
"name": "cacti-utilities-xss(61226)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61226"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2010-2544",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2010-2544"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459105",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459105"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61226",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61226"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
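Review bot: The shorter `description` value in this section, `"CVE-2010-2544 cacti: XSS in utilities.php log file viewer search pattern"`, no longer states the fixed release (`Cacti before 0.8.7g`) or the `filter` parameter, and the `affects` block still carries `"product_name": "n/a"` and `"version_value": "n/a"` with `"version_affected": "="`, so nothing in the record bounds the vulnerable versions. I would keep the longer prose value, or at least append the version bound to the title. The reference entries also appear to lose their typed `refsource` (`CONFIRM`, `MANDRIVA`, `REDHAT`, ...) and advisory names such as `MDVSA-2010:160` in favour of `MISC` plus the URL, which makes vendor-advisory matching harder for consumers. The CVE-2010-2545 and CVE-2010-2547 sections below show the same description and reference pattern. Old and new sides are inferred from print order here, because the +/- column is not shown.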
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2010-2545",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php."
|
||||
"value": "CVE-2010-2545 cacti: XSS via various object names or descriptions"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,83 +21,143 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6041",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6041"
|
||||
"url": "http://cacti.net/release_notes_0_8_7g.php",
|
||||
"refsource": "MISC",
|
||||
"name": "http://cacti.net/release_notes_0_8_7g.php"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2010:160",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
|
||||
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
|
||||
},
|
||||
{
|
||||
"name": "42575",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/42575"
|
||||
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
|
||||
},
|
||||
{
|
||||
"name": "41041",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/41041"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
|
||||
"url": "http://secunia.com/advisories/41041",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/41041"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0635",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2132",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/2132"
|
||||
},
|
||||
{
|
||||
"name": "http://cacti.net/release_notes_0_8_7g.php",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://cacti.net/release_notes_0_8_7g.php"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0635",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0635"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
|
||||
},
|
||||
{
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6038",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6038"
|
||||
"url": "http://www.securityfocus.com/bid/42575",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/42575"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2132",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2132"
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6037",
|
||||
"refsource": "MISC",
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6037"
|
||||
},
|
||||
{
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6037",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6037"
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6038",
|
||||
"refsource": "MISC",
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6038"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459229",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459229"
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6041",
|
||||
"refsource": "MISC",
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6041"
|
||||
},
|
||||
{
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6042",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6042"
|
||||
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6042",
|
||||
"refsource": "MISC",
|
||||
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6042"
|
||||
},
|
||||
{
|
||||
"name": "cacti-templatesimport-xss(61227)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2010-2545",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2010-2545"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459229",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459229"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
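Review bot: With the description reduced to `"CVE-2010-2545 cacti: XSS via various object names or descriptions"`, the only statement of required privileges left in the record is the CVSS entry `"authentication": "SINGLE"` with `AV:N/AC:L/Au:S/C:N/I:P/A:N`. The longer text separates vector (1), `templates_import.php`, attributed to "remote attackers", from vectors (2) to (25), which it attributes to remote authenticated administrators. If vector (1) really needs no authentication, a consumer triaging on the vector string alone would under-rank it; that cannot be confirmed from this page. Keeping the longer description, which also lists the 25 affected scripts, would preserve the distinction.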
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2010-2547",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature."
|
||||
"value": "CVE-2010-2547 GnuPG 2: use-after-free when importing certificate with many alternate names"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,103 +21,168 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Use After Free",
|
||||
"cweId": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.0.10-3.el5_5.1",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MDVSA-2010:143",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1988",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1988"
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2010:020",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
|
||||
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
|
||||
},
|
||||
{
|
||||
"name": "https://issues.rpath.com/browse/RPL-3229",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://issues.rpath.com/browse/RPL-3229"
|
||||
"url": "http://secunia.com/advisories/38877",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/38877"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1931",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1931"
|
||||
"url": "http://secunia.com/advisories/40718",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/40718"
|
||||
},
|
||||
{
|
||||
"name": "41945",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/41945"
|
||||
"url": "http://secunia.com/advisories/40841",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/40841"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2010-11413",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044935.html"
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008",
|
||||
"refsource": "MISC",
|
||||
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2076",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2010/dsa-2076"
|
||||
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076",
|
||||
"refsource": "MISC",
|
||||
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
|
||||
},
|
||||
{
|
||||
"name": "1024247",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1024247"
|
||||
"url": "http://www.debian.org/security/2010/dsa-2076",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2010/dsa-2076"
|
||||
},
|
||||
{
|
||||
"name": "[gnupg-announce] 20100723 [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:143"
|
||||
},
|
||||
{
|
||||
"name": "38877",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/38877"
|
||||
"url": "http://www.securityfocus.com/bid/41945",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/41945"
|
||||
},
|
||||
{
|
||||
"name": "40841",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40841"
|
||||
"url": "http://www.securitytracker.com/id?1024247",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id?1024247"
|
||||
},
|
||||
{
|
||||
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0076"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1931",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/1931"
|
||||
},
|
||||
{
|
||||
"name": "40718",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40718"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1950",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/1950"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-3125",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/3125"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1988",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/1988"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1950",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1950"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2217",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/2217"
|
||||
},
|
||||
{
|
||||
"name": "SSA:2010-240-01",
|
||||
"refsource": "SLACKWARE",
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462008"
|
||||
"url": "http://www.vupen.com/english/advisories/2010/3125",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2010/3125"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2217",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2217"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2010:0603",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2010:0603"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2010-2547",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2010-2547"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=618156",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=618156"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.rpath.com/browse/RPL-3229",
|
||||
"refsource": "MISC",
|
||||
"name": "https://issues.rpath.com/browse/RPL-3229"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5.1,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
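Review bot: The `affects` entry shown for this record lists only `Red Hat Enterprise Linux 5` with `"version_value": "0:2.0.10-3.el5_5.1"` and `"version_affected": "!"`, which is the "not affected" marker in the CVE JSON 4.0 format, so the record names a fixed package but no affected range. The upstream scope `GnuPG 2.x through 2.0.16` exists only in the longer description value, which the title `"CVE-2010-2547 GnuPG 2: use-after-free when importing certificate with many alternate names"` appears to replace. A scanner that matches on `affects` would then find nothing to flag for non-Red Hat builds of GnuPG 2. I would keep the upstream range in the description or add an affected entry for it.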
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2011-1167",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value."
|
||||
"value": "CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,203 +21,285 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Heap-based Buffer Overflow",
|
||||
"cweId": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.6.1-18.el4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.8.2-7.el5_6.7",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.9.4-1.el6_0.2",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2011-0795",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0795"
|
||||
},
|
||||
{
|
||||
"name": "43974",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/43974"
|
||||
},
|
||||
{
|
||||
"name": "USN-1102-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://ubuntu.com/usn/usn-1102-1"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0845",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0845"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=684939",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0860",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0860"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2011:009",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2012-09-19-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5503",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5503"
|
||||
},
|
||||
{
|
||||
"name": "SSA:2011-098-01",
|
||||
"refsource": "SLACKWARE",
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5130",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5130"
|
||||
},
|
||||
{
|
||||
"name": "43900",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/43900"
|
||||
},
|
||||
{
|
||||
"name": "71256",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/71256"
|
||||
},
|
||||
{
|
||||
"name": "43934",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/43934"
|
||||
},
|
||||
{
|
||||
"name": "46951",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/46951"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2011-3836",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0905",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0905"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2210",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2011/dsa-2210"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2012-02-01-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "libtiff-thundercode-decoder-bo(66247)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247"
|
||||
},
|
||||
{
|
||||
"name": "http://blackberry.com/btsc/KB27244",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://blackberry.com/btsc/KB27244"
|
||||
},
|
||||
{
|
||||
"name": "1025257",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1025257"
|
||||
},
|
||||
{
|
||||
"name": "20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/517101/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2300",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2300"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201209-02",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0930",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0930"
|
||||
},
|
||||
{
|
||||
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-107",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-107"
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "44135",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44135"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0960",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0960"
|
||||
"url": "http://support.apple.com/kb/HT5130",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT5130"
|
||||
},
|
||||
{
|
||||
"name": "8165",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/8165"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2011:064",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064"
|
||||
"url": "http://support.apple.com/kb/HT5281",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT5281"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0859",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0859"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name": "44117",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44117"
|
||||
"url": "http://support.apple.com/kb/HT5503",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT5503"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:0392",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0392.html"
|
||||
"url": "http://secunia.com/advisories/50726",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/50726"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5281",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5281"
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml",
|
||||
"refsource": "MISC",
|
||||
"name": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2011-3827",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html"
|
||||
"url": "http://blackberry.com/btsc/KB27244",
|
||||
"refsource": "MISC",
|
||||
"name": "http://blackberry.com/btsc/KB27244"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2012-05-09-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
|
||||
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2300",
|
||||
"refsource": "MISC",
|
||||
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2300"
|
||||
},
|
||||
{
|
||||
"name": "50726",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/50726"
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html"
|
||||
},
|
||||
{
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/43900",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/43900"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/43934",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/43934"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/43974",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/43974"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/44117",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/44117"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/44135",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/44135"
|
||||
},
|
||||
{
|
||||
"url": "http://securityreason.com/securityalert/8165",
|
||||
"refsource": "MISC",
|
||||
"name": "http://securityreason.com/securityalert/8165"
|
||||
},
|
||||
{
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820",
|
||||
"refsource": "MISC",
|
||||
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820"
|
||||
},
|
||||
{
|
||||
"url": "http://ubuntu.com/usn/usn-1102-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://ubuntu.com/usn/usn-1102-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.debian.org/security/2011/dsa-2210",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2011/dsa-2210"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064"
|
||||
},
|
||||
{
|
||||
"url": "http://www.osvdb.org/71256",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.osvdb.org/71256"
|
||||
},
|
||||
{
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0392.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2011-0392.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/archive/1/517101/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/517101/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/46951",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/46951"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securitytracker.com/id?1025257",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id?1025257"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0795",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0795"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0845",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0845"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0859",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0859"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0860",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0860"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0905",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0905"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0930",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0930"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0960",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0960"
|
||||
},
|
||||
{
|
||||
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-107",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-107"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0392",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0392"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2011-1167",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2011-1167"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=684939"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2011-1168",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site."
|
||||
"value": "CVE-2011-1168 kdelibs: partially universal XSS in Konqueror error pages"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,103 +21,163 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "6:4.3.4-11.el6_0.2",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2011-0990",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0990"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2011:075",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:075"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2011:009",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/517433/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "44108",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44108"
|
||||
},
|
||||
{
|
||||
"name": "47304",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/47304"
|
||||
},
|
||||
{
|
||||
"name": "20110411 Medium severity flaw in Konqueror",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/517432/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "USN-1110-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1110-1"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0928",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0928"
|
||||
},
|
||||
{
|
||||
"name": "44065",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44065"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695398",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695398"
|
||||
},
|
||||
{
|
||||
"name": "8208",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/8208"
|
||||
},
|
||||
{
|
||||
"name": "konqueror-khtmlparthtmlerror-xss(66697)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66697"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0927",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0927"
|
||||
},
|
||||
{
|
||||
"name": "SSA:2011-101-02",
|
||||
"refsource": "SLACKWARE",
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kde.org/info/security/advisory-20110411-1.txt",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kde.org/info/security/advisory-20110411-1.txt"
|
||||
},
|
||||
{
|
||||
"name": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc"
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "1025322",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1025322"
|
||||
"url": "http://secunia.com/advisories/44108",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/44108"
|
||||
},
|
||||
{
|
||||
"url": "http://www.ubuntu.com/usn/USN-1110-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1110-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0990",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0990"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0464",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0464"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/44065",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/44065"
|
||||
},
|
||||
{
|
||||
"url": "http://securityreason.com/securityalert/8208",
|
||||
"refsource": "MISC",
|
||||
"name": "http://securityreason.com/securityalert/8208"
|
||||
},
|
||||
{
|
||||
"url": "http://securitytracker.com/id?1025322",
|
||||
"refsource": "MISC",
|
||||
"name": "http://securitytracker.com/id?1025322"
|
||||
},
|
||||
{
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727",
|
||||
"refsource": "MISC",
|
||||
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727"
|
||||
},
|
||||
{
|
||||
"url": "http://www.kde.org/info/security/advisory-20110411-1.txt",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kde.org/info/security/advisory-20110411-1.txt"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:075",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:075"
|
||||
},
|
||||
{
|
||||
"url": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/archive/1/517432/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/517432/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/archive/1/517433/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/517433/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/47304",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/47304"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0927",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0927"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0928",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2011/0928"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2011-1168",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2011-1168"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695398",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695398"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66697",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66697"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
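Review bot: The replacement `value` in `description_data` (the second of the two printed, which looks like the new side) is only the tracker summary `CVE-2011-1168 kdelibs: partially universal XSS in Konqueror error pages`. The record therefore no longer names the `KHTMLPart::htmlError` function in `khtml/khtml_part.cpp` or the affected range KDE SC 4.4.0 through 4.6.1. The new `affects` block does not make up for it: it lists only Red Hat Enterprise Linux 6 with `"version_value": "6:4.3.4-11.el6_0.2"` and `"version_affected": "!"`, which in this format marks a not-affected package rather than a vulnerable range. I would keep the earlier descriptive sentence as the `value`, so triage and scanner matching still have the upstream component and versions. The same substitution appears in the CVE-2011-1178 and CVE-2011-1494 sections.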
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2011-1178",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow."
|
||||
"value": "CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,63 +21,139 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Integer Overflow or Wraparound",
|
||||
"cweId": "CWE-190"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:2.0.5-7.0.7.el4.1",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:2.2.13-2.0.7.el5_6.2",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "GLSA-201209-23",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
|
||||
"url": "http://secunia.com/advisories/50737",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/50737"
|
||||
},
|
||||
{
|
||||
"name": "gimp-pcximage-bo(67787)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67787"
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml",
|
||||
"refsource": "MISC",
|
||||
"name": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:0837",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2011-0838.html"
|
||||
},
|
||||
{
|
||||
"name": "http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0838",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0838"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:0838",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2011-0837.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2011:110",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:110"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0837",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0837"
|
||||
},
|
||||
{
|
||||
"name": "1025586",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1025586"
|
||||
"url": "http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce"
|
||||
},
|
||||
{
|
||||
"name": "48057",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/48057"
|
||||
"url": "http://securitytracker.com/id?1025586",
|
||||
"refsource": "MISC",
|
||||
"name": "http://securitytracker.com/id?1025586"
|
||||
},
|
||||
{
|
||||
"name": "50737",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/50737"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:110",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:110"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=689831",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689831"
|
||||
"url": "http://www.securityfocus.com/bid/48057",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/48057"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2011-1178",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2011-1178"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689831",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=689831"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67787",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67787"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
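Review bot: Every entry in `reference_data` now reads `"refsource": "MISC"` with the URL repeated as `name`, assuming the second of each printed pair is the new side. This drops the advisory identifiers and source tags the earlier entries carried (`RHSA-2011:0837`/`REDHAT`, `GLSA-201209-23`/`GENTOO`, `48057`/`BID`) and relabels the git.gnome.org fix commit and the Red Hat Bugzilla entry, both previously `CONFIRM`. Tooling that correlates this CVE with vendor advisories by `name`, or filters on `refsource` to find vendor-confirmed fixes, will stop matching on this record. I would retain the original pair wherever one existed, e.g. `"name": "RHSA-2011:0837", "refsource": "REDHAT"`, and add the new `access.redhat.com` URLs as additional entries. The CVE-2011-1168 section shows the same flattening.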
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2011-1494",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow."
|
||||
"value": "CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,181 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-238.12.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-131.0.15.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.0 EUS - Server Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-71.31.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise MRG 2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.33.9-rt31.75.el6rt",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "[linux-kernel] 20110405 [PATCH] drivers/scsi/mpt2sas: prevent heap overflows and unchecked reads",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://lkml.org/lkml/2011/4/5/327"
|
||||
"url": "http://secunia.com/advisories/46397",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/46397"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20110405 CVE request: kernel: two issues in mpt2sas",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://openwall.com/lists/oss-security/2011/04/05/32"
|
||||
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
|
||||
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
|
||||
},
|
||||
{
|
||||
"name": "46397",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/46397"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694021",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694021"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:1253",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:1253"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20110406 Re: CVE request: kernel: two issues in mpt2sas",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://openwall.com/lists/oss-security/2011/04/06/2"
|
||||
"url": "http://downloads.avaya.com/css/P8/documents/100145416",
|
||||
"refsource": "MISC",
|
||||
"name": "http://downloads.avaya.com/css/P8/documents/100145416"
|
||||
},
|
||||
{
|
||||
"name": "https://patchwork.kernel.org/patch/688021/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://patchwork.kernel.org/patch/688021/"
|
||||
"url": "http://lkml.org/lkml/2011/4/5/327",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lkml.org/lkml/2011/4/5/327"
|
||||
},
|
||||
{
|
||||
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
|
||||
"url": "http://openwall.com/lists/oss-security/2011/04/05/32",
|
||||
"refsource": "MISC",
|
||||
"name": "http://openwall.com/lists/oss-security/2011/04/05/32"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:0833",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
|
||||
"url": "http://openwall.com/lists/oss-security/2011/04/06/2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://openwall.com/lists/oss-security/2011/04/06/2"
|
||||
},
|
||||
{
|
||||
"name": "http://downloads.avaya.com/css/P8/documents/100145416",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
|
||||
},
|
||||
{
|
||||
"name": "47185",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/47185"
|
||||
"url": "http://www.securityfocus.com/bid/47185",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/47185"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0812",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0542",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0542"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0833",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0833"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0883",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0883"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694021",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694021"
|
||||
},
|
||||
{
|
||||
"url": "https://patchwork.kernel.org/patch/688021/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://patchwork.kernel.org/patch/688021/"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2011-1494",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2011-1494"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
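Review bot: The new `description_data` value is only the tracker title, `"CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows"`, which drops what the earlier text stated: the affected function `_ctl_do_mpt_command`, the local ioctl vector, the "2.6.38 and earlier" range and the privilege-gain or denial-of-service impact. The `+`/`-` markers are lost on this page, so this reads the second line of each printed pair as the new side, which the 40-to-17 line counts of the first hunk are consistent with. I would keep the earlier sentence as the `value`, since anyone triaging from this record alone can no longer tell which code path is affected, and the title also names CVE-2011-1495, which blurs which issue the record covers. The references hunk has a similar loss: every entry becomes `"refsource": "MISC"` with the URL copied into `name`, so tags such as `"refsource": "CONFIRM"` and names such as `"RHSA-2011:0833"` that consumers use to pick out vendor confirmation are gone and would be worth retaining.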