admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 23:02:06 +00:00
parent 10ef78553f
commit 224736cd14
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
74 changed files with 2628 additions and 4436 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2015/3xxx/CVE-2015-3278.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3278",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326"
}
]
}

62
2015/3xxx/CVE-2015-3288.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2015-3288 kernel: zero page memory arbitrary modification"
"value": "mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Unchecked Error Condition",
"cweId": "CWE-391"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -54,11 +53,6 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2015:2152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2152"
},
{
"url": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "MISC",
@ -79,16 +73,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93591"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3288",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3288"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830"
},
{
"url": "https://github.com/torvalds/linux/commit/6b7339f4c31ad69c8e9c0b2859276e22cf72176d",
"refsource": "MISC",
@ -98,37 +82,11 @@
"url": "https://security-tracker.debian.org/tracker/CVE-2015-3288",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2015-3288"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Kirill A. Shutemov (Intel) for reporting this issue."
}
],
"impact": {
"cvss": [
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830"
}
]
}

139
2015/4xxx/CVE-2015-4037.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4037",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,77 +27,101 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2630-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2630-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"name": "SUSE-SU-2015:1152",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"name": "[oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/23/4"
"url": "http://www.debian.org/security/2015/dsa-3284",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "SUSE-SU-2015:1519",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
"url": "http://www.debian.org/security/2015/dsa-3285",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3285"
},
{
"name": "FEDORA-2015-9599",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"
"url": "http://www.ubuntu.com/usn/USN-2630-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"name": "FEDORA-2015-9601",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
},
{
"name": "[oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/16/5"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"
},
{
"name": "DSA-3284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3284"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"
},
{
"name": "1032547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032547"
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/05/13/7"
},
{
"name": "openSUSE-SU-2015:1965",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
"url": "http://www.openwall.com/lists/oss-security/2015/05/16/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/05/16/5"
},
{
"name": "74809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74809"
"url": "http://www.openwall.com/lists/oss-security/2015/05/23/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/05/23/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"
"url": "http://www.securityfocus.com/bid/74809",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74809"
},
{
"name": "[oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/7"
"url": "http://www.securitytracker.com/id/1032547",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032547"
},
{
"name": "DSA-3285",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3285"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"
}
]
}

145
2015/4xxx/CVE-2015-4167.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4167",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,82 +27,106 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-3290",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3290"
"url": "http://www.debian.org/security/2015/dsa-3313",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3313"
},
{
"name": "USN-2631-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2631-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
},
{
"name": "USN-2632-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2632-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
},
{
"name": "SUSE-SU-2015:1611",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
"url": "http://www.debian.org/security/2015/dsa-3290",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3290"
},
{
"name": "SUSE-SU-2015:1324",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
},
{
"name": "openSUSE-SU-2015:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"
},
{
"name": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
"url": "http://www.openwall.com/lists/oss-security/2015/06/02/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/06/02/6"
},
{
"name": "DSA-3313",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3313"
"url": "http://www.securityfocus.com/bid/74963",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74963"
},
{
"name": "[oss-security] 20150602 CVE request Linux kernel: fs: udf kernel oops",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/02/6"
"url": "http://www.securitytracker.com/id/1033187",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033187"
},
{
"name": "74963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74963"
"url": "http://www.ubuntu.com/usn/USN-2631-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2631-1"
},
{
"name": "SUSE-SU-2015:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
"url": "http://www.ubuntu.com/usn/USN-2632-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2632-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
"url": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
},
{
"name": "1033187",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033187"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204"
}
]
}

85
2015/4xxx/CVE-2015-4176.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4176",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f"
},
{
"name": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2"
"url": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442"
}
]
}

97
2015/4xxx/CVE-2015-4177.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4177",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae"
},
{
"name": "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/05/29/5"
"url": "http://openwall.com/lists/oss-security/2015/05/29/10",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2015/05/29/10"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486"
"url": "http://openwall.com/lists/oss-security/2015/05/29/5",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2015/05/29/5"
},
{
"name": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
},
{
"name": "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/05/29/10"
"url": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae"
},
{
"name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486"
}
]
}

97
2015/4xxx/CVE-2015-4178.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4178",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/05/29/5"
"url": "http://openwall.com/lists/oss-security/2015/05/29/10",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2015/05/29/10"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
"url": "http://openwall.com/lists/oss-security/2015/05/29/5",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2015/05/29/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
},
{
"name": "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/05/29/10"
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
},
{
"name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953"
},
{
"name": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953"
"url": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849"
}
]
}

77
2015/5xxx/CVE-2015-5156.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system."
"value": "The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
"value": "n/a"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-642.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-229.20.1.rt56.141.14.el7_1",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-229.20.1.ael7b",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -150,59 +134,14 @@
"name": "http://www.ubuntu.com/usn/USN-2777-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1977",
"url": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1977"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1978",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1978"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0855",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0855"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5156",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5156"
"name": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852"
},
{
"url": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

94
2015/5xxx/CVE-2015-5157.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system."
"value": "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Interaction Between Multiple Correctly-Behaving Entities",
"cweId": "CWE-435"
"value": "n/a"
}
]
}
@ -32,42 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.26.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.10.1.rt56.211.el7_2",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-327.10.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-327.rt56.171.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -185,66 +158,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76005"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0185",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0185"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0212",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0212"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0224",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0224"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0715",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0715"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5157",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5157"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259577",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259577"
},
{
"url": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
}

79
2015/5xxx/CVE-2015-5158.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5158",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "76016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76016"
"url": "https://security.gentoo.org/glsa/201510-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "[Qemu-devel] 20150722 [PATCH] scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)",
"refsource": "MLIST",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html"
"url": "http://www.securityfocus.com/bid/76016",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76016"
},
{
"name": "GLSA-201510-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-02"
"url": "http://www.securitytracker.com/id/1033095",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033095"
},
{
"name": "1033095",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033095"
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html"
}
]
}

91
2015/5xxx/CVE-2015-5166.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5166",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-15944",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"name": "FEDORA-2015-14361",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name": "FEDORA-2015-15946",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name": "76152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76152"
"url": "http://www.securityfocus.com/bid/76152",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76152"
},
{
"name": "1033175",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033175"
"url": "http://www.securitytracker.com/id/1033175",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033175"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-139.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
"url": "http://xenbits.xen.org/xsa/advisory-139.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-139.html"
}
]
}

61
2015/5xxx/CVE-2015-5176.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5176",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1543",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
}
]
}

85
2015/5xxx/CVE-2015-5177.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5177",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
"url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/",
"refsource": "MISC",
"name": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
},
{
"name": "DSA-3353",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3353"
"url": "http://www.securityfocus.com/bid/76635",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76635"
},
{
"name": "1033719",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033719"
"url": "http://www.securitytracker.com/id/1033719",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033719"
},
{
"name": "76635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76635"
"url": "https://www.debian.org/security/2015/dsa-3353",
"refsource": "MISC",
"name": "https://www.debian.org/security/2015/dsa-3353"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
}
]
}

269
2015/5xxx/CVE-2015-5178.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)."
"value": "The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,222 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-1.Final_redhat_4.ep6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -290,61 +83,11 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033859"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1904",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1904"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1905",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1905"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1906",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1906"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1907",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1907"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5178",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5178"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
}

79
2015/5xxx/CVE-2015-5186.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5186",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "76840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76840"
"url": "http://www.openwall.com/lists/oss-security/2015/08/13/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/08/13/9"
},
{
"name": "[oss-security] 20150813 Audit: log terminal emulator escape sequences handling CVE-2015-5186",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/13/9"
"url": "http://www.securityfocus.com/bid/76840",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76840"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621"
"url": "https://people.redhat.com/sgrubb/audit/ChangeLog",
"refsource": "MISC",
"name": "https://people.redhat.com/sgrubb/audit/ChangeLog"
},
{
"name": "https://people.redhat.com/sgrubb/audit/ChangeLog",
"refsource": "CONFIRM",
"url": "https://people.redhat.com/sgrubb/audit/ChangeLog"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621"
}
]
}

61
2015/5xxx/CVE-2015-5187.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5187",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147"
}
]
}

273
2015/5xxx/CVE-2015-5188.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance."
"value": "Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
"value": "n/a"
}
]
}
@ -32,222 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-1.Final_redhat_4.ep6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -291,64 +84,14 @@
"name": "http://www.securitytracker.com/id/1033859"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1904",
"url": "https://issues.jboss.org/browse/WFCORE-594",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1904"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1905",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1905"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1906",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1906"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1907",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1907"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5188",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5188"
"name": "https://issues.jboss.org/browse/WFCORE-594"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252885",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252885"
},
{
"url": "https://issues.jboss.org/browse/WFCORE-594",
"refsource": "MISC",
"name": "https://issues.jboss.org/browse/WFCORE-594"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

109
2015/5xxx/CVE-2015-5198.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5198",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-14851",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html"
},
{
"name": "76636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76636"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html"
},
{
"name": "FEDORA-2015-3ca3f2138b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html"
},
{
"name": "FEDORA-2015-14850",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824"
"url": "http://lists.x.org/archives/xorg-announce/2015-August/002630.html",
"refsource": "MISC",
"name": "http://lists.x.org/archives/xorg-announce/2015-August/002630.html"
},
{
"name": "USN-2729-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2729-1"
"url": "http://www.debian.org/security/2015/dsa-3355",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3355"
},
{
"name": "openSUSE-SU-2015:1537",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html"
"url": "http://www.securityfocus.com/bid/76636",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76636"
},
{
"name": "[xorg-announce] 20150831 libvdpau 1.1.1",
"refsource": "MLIST",
"url": "http://lists.x.org/archives/xorg-announce/2015-August/002630.html"
"url": "http://www.ubuntu.com/usn/USN-2729-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2729-1"
},
{
"name": "DSA-3355",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3355"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824"
}
]
}

21
2015/5xxx/CVE-2015-5216.json
View File

@ -1,12 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5216",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -39,6 +39,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1.0 before 1.0.1"
}
]
@ -53,19 +54,19 @@
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/10/27/8",
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
"name": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
},
{
"url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"
"name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170",
"refsource": "MISC",
"name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
"url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"
}
]
}

79
2015/5xxx/CVE-2015-5217.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5217",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6",
"refsource": "CONFIRM",
"url": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6"
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
},
{
"name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
"url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
"refsource": "MISC",
"name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172"
"url": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6",
"refsource": "MISC",
"name": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6"
},
{
"name": "[oss-security] 20151027 Multiple CVE info for Ipsilon",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172"
}
]
}

79
2015/5xxx/CVE-2015-5228.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5228",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150825 CVE-2015-5228 & CVE-2015-5231 in the criu service daemon",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/5"
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html"
},
{
"name": "openSUSE-SU-2015:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html"
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/08/25/5"
},
{
"name": "[CRIU] 20150825 Hardening the criu service daemon",
"refsource": "MLIST",
"url": "https://lists.openvz.org/pipermail/criu/2015-August/021847.html"
"url": "https://lists.openvz.org/pipermail/criu/2015-August/021847.html",
"refsource": "MISC",
"name": "https://lists.openvz.org/pipermail/criu/2015-August/021847.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782"
}
]
}

48
2015/5xxx/CVE-2015-5236.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5236",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Unkown"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403"
}
]
}

247
2015/5xxx/CVE-2015-5237.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5237",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,167 +27,191 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/protobuf/issues/760",
"refsource": "CONFIRM",
"url": "https://github.com/google/protobuf/issues/760"
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[oss-security] 20150827 CVE-2015-5237: Integer overflow in protobuf serialization (currently minor)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/27/2"
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426"
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
"url": "http://www.openwall.com/lists/oss-security/2015/08/27/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/08/27/2"
},
{
"refsource": "MLIST",
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
"url": "https://github.com/google/protobuf/issues/760",
"refsource": "MISC",
"name": "https://github.com/google/protobuf/issues/760"
},
{
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd%40%3Cdev.hbase.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd%40%3Cdev.hbase.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200425 [GitHub] [pulsar] guyv opened a new issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.)",
"url": "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d81462c86dfa836%40%3Ccommon-dev.hadoop.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d81462c86dfa836%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200428 [GitHub] [pulsar] gaoran10 edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200428 [GitHub] [pulsar] gaoran10 commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200428 [GitHub] [pulsar] guyv commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765f4d01dce0f1b28%40%3Ccommon-issues.hadoop.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765f4d01dce0f1b28%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200428 [GitHub] [pulsar] guyv edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200430 [GitHub] [pulsar] sijie commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e3b01c93d397ab4%40%3Cissues.spark.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e3b01c93d397ab4%40%3Cissues.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200506 [GitHub] [pulsar] gaoran10 commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200506 [GitHub] [pulsar] gaoran10 edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20200506 [GitHub] [pulsar] sijie commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)",
"url": "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r2ea33ce5591a9cb9ed52750b6ab42ab658f529a7028c3166ba93c7d5%40%3Ccommon-issues.hadoop.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r2ea33ce5591a9cb9ed52750b6ab42ab658f529a7028c3166ba93c7d5%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] merlimat commented on issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r4886108206d4c535db9b20c813fe4723d4fe6a91b9278382af8b9d08%40%3Cissues.spark.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r4886108206d4c535db9b20c813fe4723d4fe6a91b9278382af8b9d08%40%3Cissues.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210128 [GitHub] [pulsar] codelipenghui closed issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r4ef574a5621b0e670a3ce641e9922543e34f22bf4c9ee9584aa67fcf%40%3Cissues.hbase.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r4ef574a5621b0e670a3ce641e9922543e34f22bf4c9ee9584aa67fcf%40%3Cissues.hbase.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210624 [jira] [Assigned] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/rb40dc9d63a5331bce8e80865b7fa3af9dd31e16555affd697b6f3526@%3Cissues.spark.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r5741f4dbdd129dbb9885f5fb170dc1b24a06b9313bedef5e67fded94%40%3Cissues.spark.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r5741f4dbdd129dbb9885f5fb170dc1b24a06b9313bedef5e67fded94%40%3Cissues.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210624 [jira] [Commented] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r4886108206d4c535db9b20c813fe4723d4fe6a91b9278382af8b9d08@%3Cissues.spark.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210624 [jira] [Created] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r5741f4dbdd129dbb9885f5fb170dc1b24a06b9313bedef5e67fded94@%3Cissues.spark.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r764fc66435ee4d185d359c28c0887d3e5866d7292a8d5598d9e7cbc4%40%3Ccommon-issues.hadoop.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r764fc66435ee4d185d359c28c0887d3e5866d7292a8d5598d9e7cbc4%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210720 [jira] [Resolved] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e3b01c93d397ab4@%3Cissues.spark.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r7fed8dd9bee494094e7011cf3c2ab75bd8754ea314c6734688c42932%40%3Ccommon-issues.hadoop.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r7fed8dd9bee494094e7011cf3c2ab75bd8754ea314c6734688c42932%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hadoop-common-dev] 20210823 [jira] [Created] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities CVEs #CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d81462c86dfa836@%3Ccommon-dev.hadoop.apache.org%3E"
"url": "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hadoop-common-issues] 20210823 [jira] [Updated] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities #CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r764fc66435ee4d185d359c28c0887d3e5866d7292a8d5598d9e7cbc4@%3Ccommon-issues.hadoop.apache.org%3E"
"url": "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hadoop-common-issues] 20210823 [jira] [Created] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities CVEs #CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r2ea33ce5591a9cb9ed52750b6ab42ab658f529a7028c3166ba93c7d5@%3Ccommon-issues.hadoop.apache.org%3E"
"url": "https://lists.apache.org/thread.html/rb40dc9d63a5331bce8e80865b7fa3af9dd31e16555affd697b6f3526%40%3Cissues.spark.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rb40dc9d63a5331bce8e80865b7fa3af9dd31e16555affd697b6f3526%40%3Cissues.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hadoop-common-issues] 20210823 [jira] [Commented] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities #CVE-2015-5237",
"url": "https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765f4d01dce0f1b28@%3Ccommon-issues.hadoop.apache.org%3E"
"url": "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hbase-issues] 20210828 [jira] [Commented] (HBASE-26234) Protobuf-java-2.5.0.jar Has Several Security Vulnerabilities,CVE-2015-5237,CVE-2019-15544",
"url": "https://lists.apache.org/thread.html/r4ef574a5621b0e670a3ce641e9922543e34f22bf4c9ee9584aa67fcf@%3Cissues.hbase.apache.org%3E"
"url": "https://lists.apache.org/thread.html/rd64381fb8f92d640c1975dc50dcdf1b8512e02a2a7b20292d3565cae%40%3Cissues.hbase.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rd64381fb8f92d640c1975dc50dcdf1b8512e02a2a7b20292d3565cae%40%3Cissues.hbase.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hbase-dev] 20210828 [jira] [Created] (HBASE-26234) Protobuf-java-2.5.0.jar Has Several Security Vulnerabilities,CVE-2015-5237,CVE-2019-15544",
"url": "https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd@%3Cdev.hbase.apache.org%3E"
"url": "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hbase-issues] 20210828 [jira] [Created] (HBASE-26234) Protobuf-java-2.5.0.jar Has Several Security Vulnerabilities,CVE-2015-5237,CVE-2019-15544",
"url": "https://lists.apache.org/thread.html/rd64381fb8f92d640c1975dc50dcdf1b8512e02a2a7b20292d3565cae@%3Cissues.hbase.apache.org%3E"
"url": "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd%40%3Ccommits.pulsar.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd%40%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hadoop-common-issues] 20210902 [jira] [Updated] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities #CVE-2015-5237, CVE-2019-15544",
"url": "https://lists.apache.org/thread.html/r7fed8dd9bee494094e7011cf3c2ab75bd8754ea314c6734688c42932@%3Ccommon-issues.hadoop.apache.org%3E"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426"
}
]
}

67
2015/5xxx/CVE-2015-5246.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5246",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://projects.theforeman.org/issues/11471",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/11471"
"url": "http://projects.theforeman.org/issues/11471",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/11471"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700"
}
]
}

97
2016/7xxx/CVE-2016-7423.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7423",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5"
},
{
"name": "92997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92997"
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/09/16/11"
},
{
"name": "[qemu-devel] 20160915 [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASRequest object",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html"
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/09/16/5"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5"
"url": "http://www.securityfocus.com/bid/92997",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92997"
},
{
"name": "[oss-security] 20160916 Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/11"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html"
},
{
"name": "[oss-security] 20160916 CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/5"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776"
}
]
}

91
2016/7xxx/CVE-2016-7994.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7994",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "93453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93453"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161007 CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/2"
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/07/2"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/08/3"
},
{
"name": "[qemu-devel] 20160919 Re: [PATCH] virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html"
"url": "http://www.securityfocus.com/bid/93453",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93453"
},
{
"name": "[oss-security] 20161008 Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/3"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html"
}
]
}

91
2016/7xxx/CVE-2016-7995.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7995",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b16c129daf0fed91febbb88de23dae8271c8898a",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b16c129daf0fed91febbb88de23dae8271c8898a"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a"
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/07/3"
},
{
"name": "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/3"
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/08/4"
},
{
"name": "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/4"
"url": "http://www.securityfocus.com/bid/93454",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93454"
},
{
"name": "93454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93454"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html"
}
]
}

310
2016/8xxx/CVE-2016-8613.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-8613 foreman: Stored XSS vulnerability in remote execution plugin"
"value": "A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
@ -32,272 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Foreman Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "1.5.1"
}
]
}
@ -310,26 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2018:0336",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"url": "http://www.securityfocus.com/bid/93859",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93859"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8613",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8613"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613",
"refsource": "MISC",
@ -347,35 +76,8 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Sanket Jagtap (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",

95
2016/8xxx/CVE-2016-8633.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network."
"value": "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
"value": "n/a"
}
]
}
@ -32,42 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.47.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.47.2.rt56.641.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -120,16 +93,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8633",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8633"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
},
{
"url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/",
"refsource": "MISC",
@ -139,51 +102,11 @@
"url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eyal Itkin for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
}
]
}

310
2016/8xxx/CVE-2016-8634.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-8634 foreman: Stored XSS in org/loc wizard"
"value": "A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
@ -32,272 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Foreman Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "1.14.0"
}
]
}
@ -310,26 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2018:0336",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"url": "http://www.securityfocus.com/bid/94206",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94206"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8634",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8634"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8634",
"refsource": "MISC",
@ -342,35 +71,8 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Sanket Jagtap (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",

116
2016/8xxx/CVE-2016-8635.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8635",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nss",
"version": {
"version_data": [
{
"version_value": "3.21.x"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,55 +15,82 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-358"
"value": "CWE-358",
"cweId": "CWE-358"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "nss",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.21.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"name": "RHSA-2016:2779",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
"url": "http://www.securityfocus.com/bid/94346",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94346"
},
{
"name": "GLSA-201701-46",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-46"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
},
{
"name": "94346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94346"
"url": "https://security.gentoo.org/glsa/201701-46",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-46"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}

67
2016/8xxx/CVE-2016-8643.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8643",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moodle 2.x and 3.x",
"version": {
"version_data": [
{
"version_value": "Moodle 2.x and 3.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle 2.x and 3.x",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Moodle 2.x and 3.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "94457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94457"
"url": "http://www.securityfocus.com/bid/94457",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94457"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=343276",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=343276"
"url": "https://moodle.org/mod/forum/discuss.php?d=343276",
"refsource": "MISC",
"name": "https://moodle.org/mod/forum/discuss.php?d=343276"
}
]
}

67
2016/8xxx/CVE-2016-8644.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8644",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moodle 2.x and 3.x",
"version": {
"version_data": [
{
"version_value": "Moodle 2.x and 3.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle 2.x and 3.x",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Moodle 2.x and 3.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=343277",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=343277"
"url": "http://www.securityfocus.com/bid/94458",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94458"
},
{
"name": "94458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94458"
"url": "https://moodle.org/mod/forum/discuss.php?d=343277",
"refsource": "MISC",
"name": "https://moodle.org/mod/forum/discuss.php?d=343277"
}
]
}

82
2016/8xxx/CVE-2016-8645.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash."
"value": "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Reachable Assertion",
"cweId": "CWE-617"
"value": "n/a"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.2.1.rt56.585.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -115,64 +99,14 @@
"name": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8645",
"url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8645"
"name": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904"
},
{
"url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Marco Grassi for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

104
2016/8xxx/CVE-2016-8653.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8653",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fuse",
"version": {
"version_data": [
{
"version_value": "6"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,45 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
"value": "CWE-502",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Fuse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653"
"url": "http://www.securityfocus.com/bid/94544",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94544"
},
{
"name": "94544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94544"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}

99
2016/8xxx/CVE-2016-8655.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system."
"value": "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "n/a"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.10.2.rt56.435.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.10.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.215.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -79,16 +63,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0386",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0386"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0387",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0387"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c",
"refsource": "MISC",
@ -224,21 +198,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3152-2"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0402"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8655",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8655"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019"
},
{
"url": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c",
"refsource": "MISC",
@ -258,51 +217,11 @@
"url": "https://www.exploit-db.com/exploits/44696/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44696/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Philip Pettersson for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019"
}
]
}

97
2016/9xxx/CVE-2016-9103.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9103",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20161010 Re: [PATCH 1/2] 9pfs: fix information leak in xattr read",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: information leakage via xattribute",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/7"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb687602853b4ae656e9236ee4222609f3a6887d",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb687602853b4ae656e9236ee4222609f3a6887d"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: information leakage via xattribute",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/1"
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/28/1"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d"
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/30/7"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "http://www.securityfocus.com/bid/93955",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93955"
},
{
"name": "93955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93955"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html"
}
]
}

97
2016/9xxx/CVE-2016-9104.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9104",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "93956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93956"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/8"
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/28/2"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: integer overflow leading to OOB access",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/2"
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/30/8"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "http://www.securityfocus.com/bid/93956",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93956"
},
{
"name": "[qemu-devel] 20161013 Re: [PATCH v3 3/3] 9pfs: fix integer overflow issue in xattr read/write",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html"
}
]
}

103
2016/9xxx/CVE-2016-9105.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9105",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "93965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93965"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20161012 Re: [PATCH] 9pfs: fix memory leak in v9fs_link",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4c1586787ff43c9acd18a56c12d720e3e6be9f7c",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4c1586787ff43c9acd18a56c12d720e3e6be9f7c"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c"
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/28/3"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/30/9"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: memory leakage in v9fs_link",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/3"
"url": "http://www.securityfocus.com/bid/93965",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93965"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: memory leakage in v9fs_link",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/9"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html"
}
]
}

54
2016/9xxx/CVE-2016-9573.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap."
"value": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"value": "CWE-125",
"cweId": "CWE-125"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The OpenJPEG Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "openjpeg",
"version": {
"version_data": [
{
"version_value": "0:1.5.1-16.el7_3",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.1.2"
}
]
}
@ -79,21 +79,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97073"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0838",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0838"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-9573",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9573"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402711",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402711"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573",
"refsource": "MISC",
@ -106,35 +91,8 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",

67
2016/9xxx/CVE-2016-9584.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9584",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161215 CVE-2016-9584: heap use-after-free on libical",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/5"
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/15/5"
},
{
"name": "94948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94948"
"url": "http://www.securityfocus.com/bid/94948",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94948"
}
]
}

71
2016/9xxx/CVE-2016-9585.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2016-12-13T00:00:00",
"ID": "CVE-2016-9585",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EAP-5",
"version": {
"version_data": [
{
"version_value": "EAP-5"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-502"
"value": "CWE-502",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "EAP-5",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "EAP-5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528"
"url": "http://www.securityfocus.com/bid/94932",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94932"
},
{
"name": "94932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94932"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528"
}
]
}

92
2016/9xxx/CVE-2016-9605.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9605",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cobbler",
"version": {
"version_data": [
{
"version_value": "2.6.11-1"
}
]
}
}
]
},
"vendor_name": "The cobbler Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,34 +15,67 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The cobbler Project",
"product": {
"product_data": [
{
"product_name": "cobbler",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.6.11-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}

79
2016/9xxx/CVE-2016-9773.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9773",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556."
"value": "Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556."
}
]
},
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/4",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/"
"name": "http://www.openwall.com/lists/oss-security/2016/12/01/4"
},
{
"name": "[oss-security] 20161202 Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/12"
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/02/11"
},
{
"name": "[oss-security] 20161201 imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/4"
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/12",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/02/12"
},
{
"name": "[oss-security] 20161202 Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/11"
"url": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/",
"refsource": "MISC",
"name": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/"
}
]
}

85
2016/9xxx/CVE-2016-9845.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9845",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161205 Re: CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/22"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix information leak in getting capset info dispatch",
"refsource": "MLIST",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html"
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/05/15"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/22",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/05/22"
},
{
"name": "94763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94763"
"url": "http://www.securityfocus.com/bid/94763",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94763"
},
{
"name": "[oss-security] 20161205 CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/15"
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html"
}
]
}

91
2016/9xxx/CVE-2016-9913.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9913",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "94729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94729"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
"url": "http://www.securityfocus.com/bid/94729",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94729"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
}
]
}

97
2016/9xxx/CVE-2016-9914.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9914",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94729"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
"url": "http://www.securityfocus.com/bid/94729",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d"
}
]
}

97
2016/9xxx/CVE-2016-9915.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9915",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94729"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
"url": "http://www.securityfocus.com/bid/94729",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30"
}
]
}

73
2016/9xxx/CVE-2016-9923.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9923",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: char: use after free issue in char backend",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/2"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/09/2"
},
{
"name": "94827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94827"
"url": "http://www.securityfocus.com/bid/94827",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94827"
}
]
}

41
2017/5xxx/CVE-2017-5885.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library."
"value": "Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.7.0-2.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -79,44 +78,16 @@
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-5885",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-5885"
},
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778050",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778050"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418952",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418952"
},
{
"url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}

65
2017/5xxx/CVE-2017-5886.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5886",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/",
"url": "http://www.securityfocus.com/bid/96512",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/"
"name": "http://www.securityfocus.com/bid/96512"
},
{
"name": "96512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96512"
"url": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/",
"refsource": "MISC",
"name": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/"
}
]
}

91
2017/5xxx/CVE-2017-5931.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5931",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20170110 [PULL 03/41] virtio-crypto: fix possible integer and heap overflow",
"refsource": "MLIST",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html"
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "96141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96141"
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4",
"refsource": "MISC",
"name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://www.openwall.com/lists/oss-security/2017/02/08/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/08/2"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4"
"url": "http://www.securityfocus.com/bid/96141",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96141"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/08/2"
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092"
}
]
}

79
2017/5xxx/CVE-2017-5932.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5932",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715"
"url": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715",
"refsource": "MISC",
"name": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715"
},
{
"name": "[bug-bash] 20170120 Bash-4.4 Official Patch 7",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html"
"url": "http://www.openwall.com/lists/oss-security/2017/02/08/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/08/3"
},
{
"name": "[oss-security] 20170207 Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/08/3"
"url": "http://www.securityfocus.com/bid/96136",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96136"
},
{
"name": "96136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96136"
"url": "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html"
}
]
}

79
2017/5xxx/CVE-2017-5937.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5937",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246"
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/09/4"
},
{
"name": "96180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96180"
"url": "http://www.securityfocus.com/bid/96180",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96180"
},
{
"name": "[oss-security] 20170208 Re: CVE request virglrenderer: null pointer dereference in vrend_clear",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/4"
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282",
"refsource": "MISC",
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246"
}
]
}

104
2017/7xxx/CVE-2017-7464.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7464",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBoss",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,45 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "4/AV:N/AC:H/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611"
"value": "CWE-611",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "JBoss",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464"
"url": "http://www.securityfocus.com/bid/98450",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98450"
},
{
"name": "98450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98450"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H",
"version": "3.0"
}
]
}

104
2017/7xxx/CVE-2017-7465.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7465",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jboss",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,45 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "9.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611"
"value": "CWE-611",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "jboss",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465"
"url": "http://www.securityfocus.com/bid/97605",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97605"
},
{
"name": "97605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97605"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}

37
2017/7xxx/CVE-2017-7470.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"value": "CWE-863",
"cweId": "CWE-863"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.6",
"product_name": "spacewalk-backend",
"version": {
"version_data": [
{
"version_value": "0:2.0.3-45.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.7",
"version": {
"version_data": [
{
"version_value": "0:2.3.3-49.el6sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -75,16 +64,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1259"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7470",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7470"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439622",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1439622"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470",
"refsource": "MISC",
@ -92,12 +71,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Bert Stel (SUSE) for reporting this issue."
}
],
"impact": {
"cvss": [
{

85
2017/7xxx/CVE-2017-7471.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7471",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e"
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/04/19/2"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
"url": "http://www.securityfocus.com/bid/97970",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97970"
},
{
"name": "97970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97970"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471"
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e",
"refsource": "MISC",
"name": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e"
},
{
"name": "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/2"
"url": "https://security.gentoo.org/glsa/201706-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201706-03"
}
]
}

59
2017/7xxx/CVE-2017-7472.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS."
"value": "The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "exhaust kernel memory"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel before 4.10.13",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.17.1.rt56.636.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.17.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel before 4.10.13"
}
]
}
@ -109,21 +93,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7472",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7472"
},
{
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1034862",
"refsource": "MISC",
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1034862"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086"
},
{
"url": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource": "MISC",
@ -148,24 +122,11 @@
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13"
}
]
},
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086"
}
]
}

79
2017/7xxx/CVE-2017-7475.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7475",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cairo",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Cairo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.15.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=100763",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763"
"name": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[oss-security] 20170428 CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q2/151"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475",
"url": "http://seclists.org/oss-sec/2017/q2/151",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475"
"name": "http://seclists.org/oss-sec/2017/q2/151"
},
{
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763",
"refsource": "MISC",
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=100763"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475"
}
]
}

85
2017/7xxx/CVE-2017-7476.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7476",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gnulib before 2017-04-26",
"version": {
"version_data": [
{
"version_value": "Gnulib before 2017-04-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Gnulib before 2017-04-26",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Gnulib before 2017-04-26"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-7476",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-7476"
"url": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git%3Ba=commit%3Bh=94e01571507835ff59dd8ce2a0b56a4b566965a4",
"refsource": "MISC",
"name": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git%3Ba=commit%3Bh=94e01571507835ff59dd8ce2a0b56a4b566965a4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185"
"url": "http://www.securityfocus.com/bid/98098",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98098"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4"
"url": "https://security-tracker.debian.org/tracker/CVE-2017-7476",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2017-7476"
},
{
"name": "98098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98098"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185"
}
]
}

54
2017/7xxx/CVE-2017-7477.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system."
"value": "Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
"value": "heap overflow"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.26.1.rt56.442.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.26.1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel"
}
]
}
@ -78,16 +73,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038500"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7477",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7477"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee",
"refsource": "MISC",
@ -97,30 +82,11 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.\n\nAs the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\nRaw\n\n # echo \"install macsec /bin/true\" >> /etc/modprobe.d/disable-macsec.conf \n\nIf macsec functionality is in use as a functional part of the system a kernel upgrade is required."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207"
}
]
}

73
2017/7xxx/CVE-2017-7483.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7483",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rxvt",
"version": {
"version_data": [
{
"version_value": "2.7.10"
}
]
}
}
]
},
"vendor_name": "The RXVT Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The RXVT Project",
"product": {
"product_data": [
{
"product_name": "rxvt",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.7.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170501 Integer Overflow in rxvt",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/01/15"
"url": "http://www.openwall.com/lists/oss-security/2017/05/01/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/05/01/15"
},
{
"name": "[oss-security] 20170501 Re: Integer Overflow in rxvt",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/01/18"
"url": "http://www.openwall.com/lists/oss-security/2017/05/01/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/05/01/18"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210609 [SECURITY] [DLA 2683-1] rxvt security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html"
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html"
}
]
}

103
2017/7xxx/CVE-2017-7487.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7487",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through 4.11.1",
"version": {
"version_data": [
{
"version_value": "Linux kernel through 4.11.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel through 4.11.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Linux kernel through 4.11.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1039237",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039237"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80"
},
{
"name": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80"
"url": "http://www.debian.org/security/2017/dsa-3886",
"refsource": "MISC",
"name": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
"url": "http://www.securityfocus.com/bid/98439",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98439"
},
{
"name": "https://patchwork.ozlabs.org/patch/757549/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/757549/"
"url": "http://www.securitytracker.com/id/1039237",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1039237"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80"
"url": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80"
},
{
"name": "98439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98439"
"url": "https://patchwork.ozlabs.org/patch/757549/",
"refsource": "MISC",
"name": "https://patchwork.ozlabs.org/patch/757549/"
},
{
"name": "DSA-3886",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3886"
"url": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734"
}
]
}

52
2017/7xxx/CVE-2017-7488.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack."
"value": "Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "Information exposure"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "authconfig",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "authconfig",
"version": {
"version_data": [
{
"version_value": "0:6.2.8-30.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "6.2.8"
}
]
}
@ -65,49 +64,14 @@
"name": "https://access.redhat.com/errata/RHSA-2017:2285"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7488",
"url": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7488"
"name": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441604",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1441604"
},
{
"url": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master",
"refsource": "MISC",
"name": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Possible workaround (with side-effects):\nauthconfig --enablesysnetauth --update"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Thorsten Scherf (Red Hat) and Tomas Mraz (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}

91
2017/7xxx/CVE-2017-7493.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7493",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "2.7.4"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QEMU",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.7.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
"url": "https://security.gentoo.org/glsa/201706-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98574"
"url": "http://seclists.org/oss-sec/2017/q2/278",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q2/278"
},
{
"name": "[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html"
"url": "http://www.securityfocus.com/bid/98574",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98574"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html"
},
{
"name": "[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q2/278"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709"
}
]
}

169
2017/7xxx/CVE-2017-7494.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7494",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "since 3.5.0"
}
]
}
}
]
},
"vendor_name": "Samba"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,87 +27,111 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Samba",
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "since 3.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "98636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98636"
},
{
"name": "DSA-3860",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3860"
},
{
"name": "42084",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42084/"
},
{
"name": "RHSA-2017:1270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1270"
},
{
"name": "https://www.samba.org/samba/security/CVE-2017-7494.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2017-7494.html"
},
{
"name": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01",
"url": "https://security.gentoo.org/glsa/201805-07",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"
"name": "https://security.gentoo.org/glsa/201805-07"
},
{
"name": "RHSA-2017:1390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1390"
"url": "http://www.debian.org/security/2017/dsa-3860",
"refsource": "MISC",
"name": "http://www.debian.org/security/2017/dsa-3860"
},
{
"name": "1038552",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038552"
"url": "http://www.securityfocus.com/bid/98636",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98636"
},
{
"name": "RHSA-2017:1273",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1273"
"url": "http://www.securitytracker.com/id/1038552",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038552"
},
{
"name": "RHSA-2017:1271",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1271"
"url": "https://access.redhat.com/errata/RHSA-2017:1270",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1270"
},
{
"name": "GLSA-201805-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-07"
"url": "https://access.redhat.com/errata/RHSA-2017:1271",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1271"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"
"url": "https://access.redhat.com/errata/RHSA-2017:1272",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1272"
},
{
"name": "RHSA-2017:1272",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1272"
"url": "https://access.redhat.com/errata/RHSA-2017:1273",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1273"
},
{
"name": "https://security.netapp.com/advisory/ntap-20170524-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170524-0001/"
"url": "https://access.redhat.com/errata/RHSA-2017:1390",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1390"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"
},
{
"name": "42060",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42060/"
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"
},
{
"url": "https://security.netapp.com/advisory/ntap-20170524-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20170524-0001/"
},
{
"url": "https://www.exploit-db.com/exploits/42060/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/42060/"
},
{
"url": "https://www.exploit-db.com/exploits/42084/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/42084/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2017-7494.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2017-7494.html"
}
]
}

92
2017/7xxx/CVE-2017-7495.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system 'reset' by abusing ext4 mechanics of delayed allocation."
"value": "fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Initialization",
"cweId": "CWE-665"
"value": "filesystem mishandling"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel before 4.6.2",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.2.1.rt56.585.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel before 4.6.2"
}
]
}
@ -74,31 +58,11 @@
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2669",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824"
},
{
"url": "http://seclists.org/oss-sec/2017/q2/259",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q2/259"
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2",
"refsource": "MISC",
@ -115,54 +79,14 @@
"name": "http://www.securityfocus.com/bid/98491"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7495",
"url": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7495"
"name": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824"
},
{
"url": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don't hard reset the system."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Takeshi Nishimura (NEC) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}

64
2017/7xxx/CVE-2017-7496.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7496",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fedora-arm-installer",
"version": {
"version_data": [
{
"version_value": "up to and including 1.99.16"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,18 +21,43 @@
"description": [
{
"lang": "eng",
"value": "CWE-391"
"value": "CWE-391",
"cweId": "CWE-391"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "fedora-arm-installer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to and including 1.99.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/arm-image-installer/pull-request/10",
"refsource": "CONFIRM",
"url": "https://pagure.io/arm-image-installer/pull-request/10"
"url": "https://pagure.io/arm-image-installer/pull-request/10",
"refsource": "MISC",
"name": "https://pagure.io/arm-image-installer/pull-request/10"
}
]
}

57
2017/7xxx/CVE-2017-7497.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"value": "CWE-284",
"cweId": "CWE-284"
}
]
@ -32,47 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.7",
"product_name": "CFME",
"version": {
"version_data": [
{
"version_value": "0:5.7.3.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:4.1.5-1.el7cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "CloudForms Management Engine 5.8",
"version": {
"version_data": [
{
"version_value": "0:2.3.0.0-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:5.8.1.5-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.2-1.el7cf",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -95,16 +64,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1758"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7497",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7497"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450150",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1450150"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497",
"refsource": "MISC",
@ -112,12 +71,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Gellert Kis (Red Hat)."
}
],
"impact": {
"cvss": [
{

51
2017/7xxx/CVE-2017-7502.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library."
"value": "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"value": "CWE-476",
"cweId": "CWE-476"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "NSS project",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "nss",
"version": {
"version_data": [
{
"version_value": "0:3.28.4-3.el6_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.28.4-1.2.el7_3",
"version_affected": "!"
"version_affected": "=",
"version_value": "since 3.24.0"
}
]
}
@ -105,39 +94,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7502",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7502"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446631",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1446631"
},
{
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d",
"refsource": "MISC",
"name": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
}

67
2017/7xxx/CVE-2017-7503.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7503",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBoss Enterprise Application Platform",
"version": {
"version_data": [
{
"version_value": "7.0.5"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "JBoss Enterprise Application Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "98546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98546"
"url": "http://www.securityfocus.com/bid/98546",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98546"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960"
}
]
}

70
2017/7xxx/CVE-2017-7504.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7504",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBoss",
"version": {
"version_data": [
{
"version_value": "4.x"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-502"
"value": "CWE-502",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "JBoss",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441"
"url": "http://www.securityfocus.com/bid/98595",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98595"
},
{
"name": "98595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98595"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441"
}
]
}

76
2017/7xxx/CVE-2017-7505.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7505",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "1.5 and higher"
}
]
}
}
]
},
"vendor_name": "Foreman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,28 +21,53 @@
"description": [
{
"lang": "eng",
"value": "CWE-863"
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Foreman",
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5 and higher"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "98607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98607"
"url": "http://projects.theforeman.org/issues/19612",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/19612"
},
{
"name": "http://projects.theforeman.org/issues/19612",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/19612"
"url": "http://www.securityfocus.com/bid/98607",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98607"
},
{
"name": "https://github.com/theforeman/foreman/pull/4545",
"refsource": "CONFIRM",
"url": "https://github.com/theforeman/foreman/pull/4545"
"url": "https://github.com/theforeman/foreman/pull/4545",
"refsource": "MISC",
"name": "https://github.com/theforeman/foreman/pull/4545"
}
]
}