From 224736cd14a36d9fa9bd4f6d217972eabaaa41da Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 12 Feb 2023 23:02:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/3xxx/CVE-2015-3278.json | 61 +++---- 2015/3xxx/CVE-2015-3288.json | 62 ++----- 2015/4xxx/CVE-2015-4037.json | 139 ++++++++-------- 2015/4xxx/CVE-2015-4167.json | 145 ++++++++-------- 2015/4xxx/CVE-2015-4176.json | 85 +++++----- 2015/4xxx/CVE-2015-4177.json | 97 +++++------ 2015/4xxx/CVE-2015-4178.json | 97 +++++------ 2015/5xxx/CVE-2015-5156.json | 77 +-------- 2015/5xxx/CVE-2015-5157.json | 94 +---------- 2015/5xxx/CVE-2015-5158.json | 79 ++++----- 2015/5xxx/CVE-2015-5166.json | 91 +++++----- 2015/5xxx/CVE-2015-5176.json | 61 +++---- 2015/5xxx/CVE-2015-5177.json | 85 +++++----- 2015/5xxx/CVE-2015-5178.json | 269 +----------------------------- 2015/5xxx/CVE-2015-5186.json | 79 ++++----- 2015/5xxx/CVE-2015-5187.json | 61 +++---- 2015/5xxx/CVE-2015-5188.json | 273 +----------------------------- 2015/5xxx/CVE-2015-5198.json | 109 ++++++------ 2015/5xxx/CVE-2015-5216.json | 21 +-- 2015/5xxx/CVE-2015-5217.json | 79 ++++----- 2015/5xxx/CVE-2015-5228.json | 79 ++++----- 2015/5xxx/CVE-2015-5236.json | 48 +++--- 2015/5xxx/CVE-2015-5237.json | 247 ++++++++++++++-------------- 2015/5xxx/CVE-2015-5246.json | 67 ++++---- 2016/7xxx/CVE-2016-7423.json | 97 +++++------ 2016/7xxx/CVE-2016-7994.json | 91 +++++----- 2016/7xxx/CVE-2016-7995.json | 91 +++++----- 2016/8xxx/CVE-2016-8613.json | 310 +---------------------------------- 2016/8xxx/CVE-2016-8633.json | 95 +---------- 2016/8xxx/CVE-2016-8634.json | 310 +---------------------------------- 2016/8xxx/CVE-2016-8635.json | 116 ++++++------- 2016/8xxx/CVE-2016-8643.json | 67 ++++---- 2016/8xxx/CVE-2016-8644.json | 67 ++++---- 2016/8xxx/CVE-2016-8645.json | 82 +-------- 2016/8xxx/CVE-2016-8653.json | 104 ++++++------ 2016/8xxx/CVE-2016-8655.json | 99 +---------- 2016/9xxx/CVE-2016-9103.json | 97 +++++------ 2016/9xxx/CVE-2016-9104.json | 97 +++++------ 2016/9xxx/CVE-2016-9105.json | 103 ++++++------ 2016/9xxx/CVE-2016-9573.json | 54 
+----- 2016/9xxx/CVE-2016-9584.json | 67 ++++---- 2016/9xxx/CVE-2016-9585.json | 71 ++++---- 2016/9xxx/CVE-2016-9605.json | 92 ++++++----- 2016/9xxx/CVE-2016-9773.json | 79 ++++----- 2016/9xxx/CVE-2016-9845.json | 85 +++++----- 2016/9xxx/CVE-2016-9913.json | 91 +++++----- 2016/9xxx/CVE-2016-9914.json | 97 +++++------ 2016/9xxx/CVE-2016-9915.json | 97 +++++------ 2016/9xxx/CVE-2016-9923.json | 73 +++++---- 2017/5xxx/CVE-2017-5885.json | 41 +---- 2017/5xxx/CVE-2017-5886.json | 65 ++++---- 2017/5xxx/CVE-2017-5931.json | 91 +++++----- 2017/5xxx/CVE-2017-5932.json | 79 ++++----- 2017/5xxx/CVE-2017-5937.json | 79 ++++----- 2017/7xxx/CVE-2017-7464.json | 104 ++++++------ 2017/7xxx/CVE-2017-7465.json | 104 ++++++------ 2017/7xxx/CVE-2017-7470.json | 37 +---- 2017/7xxx/CVE-2017-7471.json | 85 +++++----- 2017/7xxx/CVE-2017-7472.json | 59 ++----- 2017/7xxx/CVE-2017-7475.json | 79 ++++----- 2017/7xxx/CVE-2017-7476.json | 85 +++++----- 2017/7xxx/CVE-2017-7477.json | 54 ++---- 2017/7xxx/CVE-2017-7483.json | 73 +++++---- 2017/7xxx/CVE-2017-7487.json | 103 ++++++------ 2017/7xxx/CVE-2017-7488.json | 52 +----- 2017/7xxx/CVE-2017-7493.json | 91 +++++----- 2017/7xxx/CVE-2017-7494.json | 169 +++++++++---------- 2017/7xxx/CVE-2017-7495.json | 92 +---------- 2017/7xxx/CVE-2017-7496.json | 64 ++++---- 2017/7xxx/CVE-2017-7497.json | 57 +------ 2017/7xxx/CVE-2017-7502.json | 51 +----- 2017/7xxx/CVE-2017-7503.json | 67 ++++---- 2017/7xxx/CVE-2017-7504.json | 70 ++++---- 2017/7xxx/CVE-2017-7505.json | 76 ++++----- 74 files changed, 2628 insertions(+), 4436 deletions(-) diff --git a/2015/3xxx/CVE-2015-3278.json b/2015/3xxx/CVE-2015-3278.json index 6afbe89c423..cc50641445c 100644 --- a/2015/3xxx/CVE-2015-3278.json +++ b/2015/3xxx/CVE-2015-3278.json 
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-3278",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,12 +27,36 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238326"
 }
 ]
 }
diff --git a/2015/3xxx/CVE-2015-3288.json b/2015/3xxx/CVE-2015-3288.json
index a42424be7ec..4a9bdcd3709 100644
--- a/2015/3xxx/CVE-2015-3288.json
+++ b/2015/3xxx/CVE-2015-3288.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2015-3288 kernel: zero page memory arbitrary modification"
+ "value": "mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Unchecked Error Condition",
- "cweId": "CWE-391"
+ "value": "n/a"
 }
 ]
 }
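Review bot: The re-added `affects` block in the `@@ -50,12 +27,36 @@` hunk of CVE-2015-3278 now pairs `"version_affected": "="` with `"version_value": "n/a"`, where the old record carried only the placeholder value. A consumer that evaluates the comparator could read this as an exact match on the literal string n/a rather than as "version not specified", so the placeholder entry would be clearer without the `version_affected` line. The same pair is introduced in every other `affects` hunk visible in this patch (CVE-2015-3288, -4037, -4167, -4176, -4177, -4178, -5156 and -5157).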
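Review bot: The problem-type hunk `@@ -21,8 +21,7 @@` of CVE-2015-3288 replaces `"value": "Unchecked Error Condition"` and `"cweId": "CWE-391"` with `"value": "n/a"`, so the record no longer carries a weakness classification. The later hunks of this file continue the loss: the Red Hat Enterprise Linux 7 entry `0:3.10.0-327.el7`, the RHSA-2015:2152 reference, the reporter credit and the CVSS v2 block (`AV:L/AC:L/Au:N/C:C/I:C/A:C`, base 7.2) are all removed. CVE-2015-5156 and CVE-2015-5157 lose their CWE and affected-version entries in the same way. Anything that prioritises or matches packages from these fields gets less data after this sync, and the commit message `"-Synchronized-Data."` does not say whether the removal is intended or where the data now lives.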
@@ -32,16 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:3.10.0-327.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -54,11 +53,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:2152",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:2152"
- },
 {
 "url": "https://source.android.com/security/bulletin/2017-01-01.html",
 "refsource": "MISC",
@@ -79,16 +73,6 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/93591"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-3288",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-3288"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830"
- },
 {
 "url": "https://github.com/torvalds/linux/commit/6b7339f4c31ad69c8e9c0b2859276e22cf72176d",
 "refsource": "MISC",
@@ -98,37 +82,11 @@
 "url": "https://security-tracker.debian.org/tracker/CVE-2015-3288",
 "refsource": "MISC",
 "name": "https://security-tracker.debian.org/tracker/CVE-2015-3288"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Kirill A. Shutemov (Intel) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
+ },
 {
- "accessComplexity": "LOW",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 7.2,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "COMPLETE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "COMPLETE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
- "version": "2.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333830"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4037.json b/2015/4xxx/CVE-2015-4037.json
index 8aa911299cd..814f693a69e 100644
--- a/2015/4xxx/CVE-2015-4037.json
+++ b/2015/4xxx/CVE-2015-4037.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-4037",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,77 +27,101 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "USN-2630-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2630-1"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
 },
 {
- "name": "SUSE-SU-2015:1152",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
 },
 {
- "name": "[oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/05/23/4"
+ "url": "http://www.debian.org/security/2015/dsa-3284",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3284"
 },
 {
- "name": "SUSE-SU-2015:1519",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
+ "url": "http://www.debian.org/security/2015/dsa-3285",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3285"
 },
 {
- "name": "FEDORA-2015-9599",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"
+ "url": "http://www.ubuntu.com/usn/USN-2630-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2630-1"
 },
 {
- "name": "FEDORA-2015-9601",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"
+ "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
 },
 {
- "name": "[oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/05/16/5"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"
 },
 {
- "name": "DSA-3284",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2015/dsa-3284"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"
 },
 {
- "name": "1032547",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1032547"
+ "url": "http://www.openwall.com/lists/oss-security/2015/05/13/7",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/05/13/7"
 },
 {
- "name": "openSUSE-SU-2015:1965",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
+ "url": "http://www.openwall.com/lists/oss-security/2015/05/16/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/05/16/5"
 },
 {
- "name": "74809",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/74809"
+ "url": "http://www.openwall.com/lists/oss-security/2015/05/23/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/05/23/4"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"
+ "url": "http://www.securityfocus.com/bid/74809",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/74809"
 },
 {
- "name": "[oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/05/13/7"
+ "url": "http://www.securitytracker.com/id/1032547",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1032547"
 },
 {
- "name": "DSA-3285",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2015/dsa-3285"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4167.json b/2015/4xxx/CVE-2015-4167.json
index 26a44e324b8..b724348f0f2 100644
--- a/2015/4xxx/CVE-2015-4167.json
+++ b/2015/4xxx/CVE-2015-4167.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-4167",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
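Review bot: Every reference in the `@@ -50,77 +27,101 @@` hunk of CVE-2015-4037 has its advisory identifier in `name` overwritten with the URL and its `refsource` flattened to `MISC`; for example `"name": "DSA-3284"` with `"refsource": "DEBIAN"` becomes `"name": "http://www.debian.org/security/2015/dsa-3284"` with `"refsource": "MISC"`. Tooling that correlates CVEs to vendor advisories through these two fields (USN, DSA, SUSE-SU, FEDORA, BID and SECTRACK appear here) would have to recover the identifier from the URL instead, and the `CONFIRM` tag on the Red Hat Bugzilla entry is no longer there to distinguish it from third-party links. The same rewrite appears in the reference hunks of CVE-2015-3278, CVE-2015-4167, CVE-2015-4176, CVE-2015-4177 and CVE-2015-4178. Keeping the existing `name`/`refsource` pairs and changing only what is new would preserve that signal.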
@@ -50,82 +27,106 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "DSA-3290",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2015/dsa-3290"
+ "url": "http://www.debian.org/security/2015/dsa-3313",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3313"
 },
 {
- "name": "USN-2631-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2631-1"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
 },
 {
- "name": "USN-2632-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2632-1"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
 },
 {
- "name": "SUSE-SU-2015:1611",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
+ "url": "http://www.debian.org/security/2015/dsa-3290",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3290"
 },
 {
- "name": "SUSE-SU-2015:1324",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
 },
 {
- "name": "openSUSE-SU-2015:1382",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
+ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"
 },
 {
- "name": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
+ "url": "http://www.openwall.com/lists/oss-security/2015/06/02/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/06/02/6"
 },
 {
- "name": "DSA-3313",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2015/dsa-3313"
+ "url": "http://www.securityfocus.com/bid/74963",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/74963"
 },
 {
- "name": "[oss-security] 20150602 CVE request Linux kernel: fs: udf kernel oops",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/06/02/6"
+ "url": "http://www.securitytracker.com/id/1033187",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1033187"
 },
 {
- "name": "74963",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/74963"
+ "url": "http://www.ubuntu.com/usn/USN-2631-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2631-1"
 },
 {
- "name": "SUSE-SU-2015:1592",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
+ "url": "http://www.ubuntu.com/usn/USN-2632-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2632-1"
 },
 {
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
+ "url": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0"
 },
 {
- "name": "1033187",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1033187"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228204"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4176.json b/2015/4xxx/CVE-2015-4176.json
index b60b1850fcf..3f99aae05c1 100644
--- a/2015/4xxx/CVE-2015-4176.json
+++ b/2015/4xxx/CVE-2015-4176.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-4176",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,32 +27,56 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
+ "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442"
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f"
 },
 {
- "name": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f"
+ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2"
+ "url": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f"
 },
 {
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249442"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4177.json b/2015/4xxx/CVE-2015-4177.json
index ed4ab6ad227..7ac31aae148 100644
--- a/2015/4xxx/CVE-2015-4177.json
+++ b/2015/4xxx/CVE-2015-4177.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-4177",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,42 +27,66 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae"
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae"
 },
 {
- "name": "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2015/05/29/5"
+ "url": "http://openwall.com/lists/oss-security/2015/05/29/10",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/05/29/10"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486"
+ "url": "http://openwall.com/lists/oss-security/2015/05/29/5",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/05/29/5"
 },
 {
- "name": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae"
+ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
+ "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
 },
 {
- "name": "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2015/05/29/10"
+ "url": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae"
 },
 {
- "name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4178.json b/2015/4xxx/CVE-2015-4178.json
index a1cb4f76bd7..e5f1198e475 100644
--- a/2015/4xxx/CVE-2015-4178.json
+++ b/2015/4xxx/CVE-2015-4178.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-4178",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,42 +27,66 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2015/05/29/5"
+ "url": "http://openwall.com/lists/oss-security/2015/05/29/10",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/05/29/10"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
+ "url": "http://openwall.com/lists/oss-security/2015/05/29/5",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/05/29/5"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849"
+ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
 },
 {
- "name": "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2015/05/29/10"
+ "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
 },
 {
- "name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953"
 },
 {
- "name": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953"
+ "url": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953"
 },
 {
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5156.json b/2015/5xxx/CVE-2015-5156.json
index 7f8cbcca1aa..fae488d7cb5 100644
--- a/2015/5xxx/CVE-2015-5156.json
+++ b/2015/5xxx/CVE-2015-5156.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system."
+ "value": "The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets."
 }
 ]
 },
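Review bot: The replacement description in the `@@ -11,7 +11,7 @@` hunk of CVE-2015-5156 names only denial of service, whereas the text it removes also allowed for privilege escalation and the CVSS v2 block deleted later in this file rated confidentiality and integrity impact as complete (`AV:A/AC:H/Au:N/C:C/I:C/A:C`, base 6.8). It also moves the attacker from "on the local network" to "guest OS users" without explanation. A reader triaging from this record alone may under-rate the issue, so either the escalation caveat should stay in the description or the `impact` block should be kept alongside it.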
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Heap-based Buffer Overflow",
- "cweId": "CWE-122"
+ "value": "n/a"
 }
 ]
 }
@@ -32,31 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.6.32-642.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-229.20.1.rt56.141.14.el7_1",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-229.20.1.ael7b",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -150,59 +134,14 @@
 "name": "http://www.ubuntu.com/usn/USN-2777-1"
 },
 {
- "url": "https://access.redhat.com/errata/RHSA-2015:1977",
+ "url": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
 "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1977"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1978",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1978"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0855",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0855"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-5156",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-5156"
+ "name": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852"
- },
- {
- "url": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
- "refsource": "MISC",
- "name": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.8,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "COMPLETE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "COMPLETE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
- "version": "2.0"
 }
 ]
 }
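Review bot: Severity and remediation data are lost for CVE-2015-5156: the `impact.cvss` object (base score 6.8, `AV:A/AC:H/Au:N/C:C/I:C/A:C`) and the three RHSA errata references are deleted in this hunk with nothing on the new side replacing them. Triage that reads the score or follows the errata links from this record will come up empty after the sync. If the sync is meant to be lossless, keep the `impact` block and at least `"url": "https://access.redhat.com/security/cve/CVE-2015-5156"`. The reference hunks for CVE-2015-5157, CVE-2015-5178 and CVE-2015-5188 make the same deletions.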
diff --git a/2015/5xxx/CVE-2015-5157.json b/2015/5xxx/CVE-2015-5157.json
index 4ef31c3f2ad..6dafe15629d 100644
--- a/2015/5xxx/CVE-2015-5157.json
+++ b/2015/5xxx/CVE-2015-5157.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system."
+ "value": "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Interaction Between Multiple Correctly-Behaving Entities",
- "cweId": "CWE-435"
+ "value": "n/a"
 }
 ]
 }
@@ -32,42 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.6.32-573.26.1.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-327.10.1.rt56.211.el7_2",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-327.10.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise MRG 2",
- "version": {
- "version_data": [
- {
- "version_value": "1:3.10.0-327.rt56.171.el6rt",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -185,66 +158,11 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/76005"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0185",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0185"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0212",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0212"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0224",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0224"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0715",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0715"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-5157",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-5157"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259577",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259577"
- },
 {
 "url": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a",
 "refsource": "MISC",
 "name": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.2,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "COMPLETE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "COMPLETE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2015/5xxx/CVE-2015-5158.json b/2015/5xxx/CVE-2015-5158.json
index 713434d805d..dc04d0c85cb 100644
--- a/2015/5xxx/CVE-2015-5158.json
+++ b/2015/5xxx/CVE-2015-5158.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5158",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,27 +27,51 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "76016",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/76016"
+ "url": "https://security.gentoo.org/glsa/201510-02",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201510-02"
 },
 {
- "name": "[Qemu-devel] 20150722 [PATCH] scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)",
- "refsource": "MLIST",
- "url": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html"
+ "url": "http://www.securityfocus.com/bid/76016",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/76016"
 },
 {
- "name": "GLSA-201510-02",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201510-02"
+ "url": "http://www.securitytracker.com/id/1033095",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1033095"
 },
 {
- "name": "1033095",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1033095"
+ "url": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html",
+ "refsource": "MISC",
+ "name": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5166.json b/2015/5xxx/CVE-2015-5166.json
index e54bab7bfd4..3723416c674 100644
--- a/2015/5xxx/CVE-2015-5166.json
+++ b/2015/5xxx/CVE-2015-5166.json
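Review bot: Every reference on the new side of the CVE-2015-5158 `references` hunk is typed `"refsource": "MISC"` and its `name` is a copy of the URL, so the source types `BID`, `MLIST`, `GENTOO` and `SECTRACK` and identifiers such as `GLSA-201510-02` are no longer in the record. Tooling that selects vendor advisories or mailing-list posts by `refsource` cannot tell them apart after this change. Keeping the typed form, for example `"refsource": "GENTOO"` with `"name": "GLSA-201510-02"`, would preserve that. The later reference hunks for CVE-2015-5166, CVE-2015-5176, CVE-2015-5177, CVE-2015-5186 and CVE-2015-5187 make the same change.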
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5166",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,37 +27,61 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "FEDORA-2015-15944",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
 },
 {
- "name": "FEDORA-2015-14361",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
 },
 {
- "name": "FEDORA-2015-15946",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
 },
 {
- "name": "76152",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/76152"
+ "url": "http://www.securityfocus.com/bid/76152",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/76152"
 },
 {
- "name": "1033175",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1033175"
+ "url": "http://www.securitytracker.com/id/1033175",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1033175"
 },
 {
- "name": "http://xenbits.xen.org/xsa/advisory-139.html",
- "refsource": "CONFIRM",
- "url": "http://xenbits.xen.org/xsa/advisory-139.html"
+ "url": "http://xenbits.xen.org/xsa/advisory-139.html",
+ "refsource": "MISC",
+ "name": "http://xenbits.xen.org/xsa/advisory-139.html"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5176.json b/2015/5xxx/CVE-2015-5176.json
index cd04a58bd44..33e4ec61072 100644
--- a/2015/5xxx/CVE-2015-5176.json
+++ b/2015/5xxx/CVE-2015-5176.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5176",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,12 +27,36 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "RHSA-2015:1543",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5177.json b/2015/5xxx/CVE-2015-5177.json
index a42d8c96b7d..fc0ebe92044 100644
--- a/2015/5xxx/CVE-2015-5177.json
+++ b/2015/5xxx/CVE-2015-5177.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5177",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,32 +27,56 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/",
- "refsource": "CONFIRM",
- "url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
+ "url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/",
+ "refsource": "MISC",
+ "name": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
 },
 {
- "name": "DSA-3353",
- "refsource": "DEBIAN",
- "url": "https://www.debian.org/security/2015/dsa-3353"
+ "url": "http://www.securityfocus.com/bid/76635",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/76635"
 },
 {
- "name": "1033719",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1033719"
+ "url": "http://www.securitytracker.com/id/1033719",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1033719"
 },
 {
- "name": "76635",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/76635"
+ "url": "https://www.debian.org/security/2015/dsa-3353",
+ "refsource": "MISC",
+ "name": "https://www.debian.org/security/2015/dsa-3353"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5178.json b/2015/5xxx/CVE-2015-5178.json
index f012fc4a33d..31459d1d973 100644
--- a/2015/5xxx/CVE-2015-5178.json
+++ b/2015/5xxx/CVE-2015-5178.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)."
+ "value": "The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "n/a"
 }
 ]
 }
@@ -32,222 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.7.17-1.redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.33.16-1.redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.7.17-1.redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.33.16-1.redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-1.Final_redhat_4.ep6.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.7.17-1.redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.33.16-1.redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -290,61 +83,11 @@
 "refsource": "MISC",
 "name": "http://www.securitytracker.com/id/1033859"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1904",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1904"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1905",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1905"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1906",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1906"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1907",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1907"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-5178",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-5178"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 2.9,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2015/5xxx/CVE-2015-5186.json b/2015/5xxx/CVE-2015-5186.json
index f62da217274..20cfe0f4ad4 100644
--- a/2015/5xxx/CVE-2015-5186.json
+++ b/2015/5xxx/CVE-2015-5186.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5186",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,27 +27,51 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "76840",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/76840"
+ "url": "http://www.openwall.com/lists/oss-security/2015/08/13/9",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/08/13/9"
 },
 {
- "name": "[oss-security] 20150813 Audit: log terminal emulator escape sequences handling CVE-2015-5186",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/08/13/9"
+ "url": "http://www.securityfocus.com/bid/76840",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/76840"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621"
+ "url": "https://people.redhat.com/sgrubb/audit/ChangeLog",
+ "refsource": "MISC",
+ "name": "https://people.redhat.com/sgrubb/audit/ChangeLog"
 },
 {
- "name": "https://people.redhat.com/sgrubb/audit/ChangeLog",
- "refsource": "CONFIRM",
- "url": "https://people.redhat.com/sgrubb/audit/ChangeLog"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5187.json b/2015/5xxx/CVE-2015-5187.json
index 73cadec1e5f..055b3df4562 100644
--- a/2015/5xxx/CVE-2015-5187.json
+++ b/2015/5xxx/CVE-2015-5187.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5187",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,12 +27,36 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252147"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5188.json b/2015/5xxx/CVE-2015-5188.json
index 1eee05ea62e..efa8d52ae0f 100644
--- a/2015/5xxx/CVE-2015-5188.json
+++ b/2015/5xxx/CVE-2015-5188.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance."
+ "value": "Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Cross-Site Request Forgery (CSRF)",
- "cweId": "CWE-352"
+ "value": "n/a"
 }
 ]
 }
@@ -32,222 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.7.17-1.redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.33.16-1.redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el5",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el5",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.7.17-1.redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.33.16-1.redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-1.Final_redhat_4.ep6.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.7.17-1.redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.33.16-1.redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -291,64 +84,14 @@
 "name": "http://www.securitytracker.com/id/1033859"
 },
 {
- "url": "https://access.redhat.com/errata/RHSA-2015:1904",
+ "url": "https://issues.jboss.org/browse/WFCORE-594",
 "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1904"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1905",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1905"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1906",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1906"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2015:1907",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2015:1907"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2015-5188",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2015-5188"
+ "name": "https://issues.jboss.org/browse/WFCORE-594"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252885",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252885"
- },
- {
- "url": "https://issues.jboss.org/browse/WFCORE-594",
- "refsource": "MISC",
- "name": "https://issues.jboss.org/browse/WFCORE-594"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 5.1,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
- "version": "2.0"
 }
 ]
 }
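Review bot: The new side of this record keeps no vendor advisory link and no severity data: the hunk removes the four errata references `https://access.redhat.com/errata/RHSA-2015:1904` through `RHSA-2015:1907`, the vendor CVE page, and the whole `impact.cvss` block (`baseScore` 5.1, `AV:N/AC:H/Au:N/C:P/I:P/A:P`). Together with the preceding hunk, which replaces the per-package builds marked `"version_affected": "!"` with `"version_value": "n/a"`, a consumer can no longer tell from this file which erratum addresses the issue or how to prioritise it. I would keep at least the RHSA entries in `reference_data`, for example `"url": "https://access.redhat.com/errata/RHSA-2015:1904"` with its `refsource` and `name`, or state in the commit message where that data now lives. The file header for this hunk is outside the visible chunk; the removed URL suggests it is CVE-2015-5188.json.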
diff --git a/2015/5xxx/CVE-2015-5198.json b/2015/5xxx/CVE-2015-5198.json
index 9dbf66512bc..2f8cbabf991 100644
--- a/2015/5xxx/CVE-2015-5198.json
+++ b/2015/5xxx/CVE-2015-5198.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5198",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,52 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "FEDORA-2015-14851", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html" }, { - "name": "76636", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/76636" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html" }, { - "name": "FEDORA-2015-3ca3f2138b", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html" }, { - "name": "FEDORA-2015-14850", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html" + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824" + "url": "http://lists.x.org/archives/xorg-announce/2015-August/002630.html", + "refsource": "MISC", + "name": 
"http://lists.x.org/archives/xorg-announce/2015-August/002630.html" }, { - "name": "USN-2729-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2729-1" + "url": "http://www.debian.org/security/2015/dsa-3355", + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3355" }, { - "name": "openSUSE-SU-2015:1537", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html" + "url": "http://www.securityfocus.com/bid/76636", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/76636" }, { - "name": "[xorg-announce] 20150831 libvdpau 1.1.1", - "refsource": "MLIST", - "url": "http://lists.x.org/archives/xorg-announce/2015-August/002630.html" + "url": "http://www.ubuntu.com/usn/USN-2729-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2729-1" }, { - "name": "DSA-3355", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2015/dsa-3355" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253824" } ] } diff --git a/2015/5xxx/CVE-2015-5216.json b/2015/5xxx/CVE-2015-5216.json index 0e9ed29ea58..9df5fc80485 100644 --- a/2015/5xxx/CVE-2015-5216.json +++ b/2015/5xxx/CVE-2015-5216.json @@ -1,12 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5216", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -39,6 +39,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "0.1.0 before 1.0.1" } ] 
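Review bot: Every entry in the rewritten `reference_data` now has `"refsource": "MISC"` and a `name` that repeats the URL, so the advisory identifiers the old side carried (`FEDORA-2015-14851`, `USN-2729-1`, `DSA-3355`, `openSUSE-SU-2015:1537`) and the `CONFIRM` marking on the Bugzilla link are gone from CVE-2015-5198.json. Tooling that correlates a CVE with distribution advisories by `refsource` and `name` will find nothing to match here. I would keep the typed form where it is known, e.g. `"refsource": "DEBIAN"` with `"name": "DSA-3355"`. The same flattening is in the `references` hunks for CVE-2015-5217, CVE-2015-5228 and CVE-2015-5237 later in this diff.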
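Review bot: `"version_affected": "="` is added in front of `"version_value": "0.1.0 before 1.0.1"` in CVE-2015-5216.json, which is a range written as free text rather than one version, so a consumer that applies `=` literally compares against the whole string and never matches an installed release. The bound would be better expressed as `"version_affected": "<"` with `"version_value": "1.0.1"`, with the 0.1.0 lower bound as its own entry if it matters. The same operator is attached to placeholders in other hunks of this diff: `"n/a"` in the `affects` blocks added for CVE-2015-5198, CVE-2015-5217, CVE-2015-5228 and CVE-2015-5237, and the misspelled `"Unkown"` in CVE-2015-5236; `"?"` would read more honestly there if the schema in use allows it. The enclosing product entry starts outside this hunk.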
@@ -53,19 +54,19 @@
 "references": {
 "reference_data": [
 {
+ "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8",
 "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2015/10/27/8",
- "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
+ "name": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
 },
 {
+ "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"
+ "name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
 },
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170",
 "refsource": "MISC",
- "name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
- "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5217.json b/2015/5xxx/CVE-2015-5217.json
index c2ae8108831..08ab9e596c3 100644
--- a/2015/5xxx/CVE-2015-5217.json
+++ b/2015/5xxx/CVE-2015-5217.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5217",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,27 +27,51 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6",
- "refsource": "CONFIRM",
- "url": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6"
+ "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
 },
 {
- "name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
- "refsource": "CONFIRM",
- "url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
+ "url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
+ "refsource": "MISC",
+ "name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172"
+ "url": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6",
+ "refsource": "MISC",
+ "name": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6"
 },
 {
- "name": "[oss-security] 20151027 Multiple CVE info for Ipsilon",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5228.json b/2015/5xxx/CVE-2015-5228.json
index 728d4852fd8..863c4fdb7dc 100644
--- a/2015/5xxx/CVE-2015-5228.json
+++ b/2015/5xxx/CVE-2015-5228.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5228",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,27 +27,51 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[oss-security] 20150825 CVE-2015-5228 & CVE-2015-5231 in the criu service daemon",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2015/08/25/5"
+ "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html"
 },
 {
- "name": "openSUSE-SU-2015:1593",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html"
+ "url": "http://www.openwall.com/lists/oss-security/2015/08/25/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/08/25/5"
 },
 {
- "name": "[CRIU] 20150825 Hardening the criu service daemon",
- "refsource": "MLIST",
- "url": "https://lists.openvz.org/pipermail/criu/2015-August/021847.html"
+ "url": "https://lists.openvz.org/pipermail/criu/2015-August/021847.html",
+ "refsource": "MISC",
+ "name": "https://lists.openvz.org/pipermail/criu/2015-August/021847.html"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5236.json b/2015/5xxx/CVE-2015-5236.json
index efbacfbc32c..a27be0f0de1 100644
--- a/2015/5xxx/CVE-2015-5236.json
+++ b/2015/5xxx/CVE-2015-5236.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2015-5236",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-345",
+ "cweId": "CWE-345"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "Unkown"
 }
 ]
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-345"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256403"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5237.json b/2015/5xxx/CVE-2015-5237.json
index f34a3ce8883..c28df4524b0 100644
--- a/2015/5xxx/CVE-2015-5237.json
+++ b/2015/5xxx/CVE-2015-5237.json
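Review bot: The `description` value moved to the top of CVE-2015-5236.json still reads "used codebase attribute of the tag on the HTML page", with the element name missing. It looks as if a name written in angle brackets was stripped somewhere upstream, presumably `<applet>`, but that should be confirmed against Bugzilla 1256403 before editing. Since the entry exists to say which attribute takes part in the Same Origin Policy check, I would write the element name without angle brackets, e.g. `codebase attribute of the applet tag`, so that it survives sanitising.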
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-5237",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,167 +27,191 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://github.com/google/protobuf/issues/760", - "refsource": "CONFIRM", - "url": "https://github.com/google/protobuf/issues/760" + "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { - "name": "[oss-security] 20150827 CVE-2015-5237: Integer overflow in protobuf serialization (currently minor)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2015/08/27/2" + "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426" + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "url": 
"http://www.openwall.com/lists/oss-security/2015/08/27/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/08/27/2" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "url": "https://github.com/google/protobuf/issues/760", + "refsource": "MISC", + "name": "https://github.com/google/protobuf/issues/760" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd%40%3Cdev.hbase.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd%40%3Cdev.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200425 [GitHub] [pulsar] guyv opened a new issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.)", - "url": "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d81462c86dfa836%40%3Ccommon-dev.hadoop.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d81462c86dfa836%40%3Ccommon-dev.hadoop.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200428 [GitHub] [pulsar] gaoran10 edited a comment on issue #6818: pulsar-client vulnerability 
CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200428 [GitHub] [pulsar] gaoran10 commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200428 [GitHub] [pulsar] guyv commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765f4d01dce0f1b28%40%3Ccommon-issues.hadoop.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765f4d01dce0f1b28%40%3Ccommon-issues.hadoop.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200428 [GitHub] [pulsar] guyv edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": 
"https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200430 [GitHub] [pulsar] sijie commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e3b01c93d397ab4%40%3Cissues.spark.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e3b01c93d397ab4%40%3Cissues.spark.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200506 [GitHub] [pulsar] gaoran10 commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200506 [GitHub] [pulsar] gaoran10 edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": 
"https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20200506 [GitHub] [pulsar] sijie commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)", - "url": "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r2ea33ce5591a9cb9ed52750b6ab42ab658f529a7028c3166ba93c7d5%40%3Ccommon-issues.hadoop.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r2ea33ce5591a9cb9ed52750b6ab42ab658f529a7028c3166ba93c7d5%40%3Ccommon-issues.hadoop.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", - "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", - "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E" + "url": 
"https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20210120 [GitHub] [pulsar] merlimat commented on issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r4886108206d4c535db9b20c813fe4723d4fe6a91b9278382af8b9d08%40%3Cissues.spark.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r4886108206d4c535db9b20c813fe4723d4fe6a91b9278382af8b9d08%40%3Cissues.spark.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20210128 [GitHub] [pulsar] codelipenghui closed issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E" + "url": 
"https://lists.apache.org/thread.html/r4ef574a5621b0e670a3ce641e9922543e34f22bf4c9ee9584aa67fcf%40%3Cissues.hbase.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r4ef574a5621b0e670a3ce641e9922543e34f22bf4c9ee9584aa67fcf%40%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[spark-issues] 20210624 [jira] [Assigned] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/rb40dc9d63a5331bce8e80865b7fa3af9dd31e16555affd697b6f3526@%3Cissues.spark.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r5741f4dbdd129dbb9885f5fb170dc1b24a06b9313bedef5e67fded94%40%3Cissues.spark.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r5741f4dbdd129dbb9885f5fb170dc1b24a06b9313bedef5e67fded94%40%3Cissues.spark.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[spark-issues] 20210624 [jira] [Commented] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r4886108206d4c535db9b20c813fe4723d4fe6a91b9278382af8b9d08@%3Cissues.spark.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[spark-issues] 20210624 [jira] [Created] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r5741f4dbdd129dbb9885f5fb170dc1b24a06b9313bedef5e67fded94@%3Cissues.spark.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r764fc66435ee4d185d359c28c0887d3e5866d7292a8d5598d9e7cbc4%40%3Ccommon-issues.hadoop.apache.org%3E", + "refsource": "MISC", + "name": 
"https://lists.apache.org/thread.html/r764fc66435ee4d185d359c28c0887d3e5866d7292a8d5598d9e7cbc4%40%3Ccommon-issues.hadoop.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[spark-issues] 20210720 [jira] [Resolved] (SPARK-35877) Spark Protobuf jar has CVE issue CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e3b01c93d397ab4@%3Cissues.spark.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r7fed8dd9bee494094e7011cf3c2ab75bd8754ea314c6734688c42932%40%3Ccommon-issues.hadoop.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r7fed8dd9bee494094e7011cf3c2ab75bd8754ea314c6734688c42932%40%3Ccommon-issues.hadoop.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hadoop-common-dev] 20210823 [jira] [Created] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities CVEs #CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d81462c86dfa836@%3Ccommon-dev.hadoop.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hadoop-common-issues] 20210823 [jira] [Updated] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities #CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r764fc66435ee4d185d359c28c0887d3e5866d7292a8d5598d9e7cbc4@%3Ccommon-issues.hadoop.apache.org%3E" + "url": "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": 
"https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hadoop-common-issues] 20210823 [jira] [Created] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities CVEs #CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r2ea33ce5591a9cb9ed52750b6ab42ab658f529a7028c3166ba93c7d5@%3Ccommon-issues.hadoop.apache.org%3E" + "url": "https://lists.apache.org/thread.html/rb40dc9d63a5331bce8e80865b7fa3af9dd31e16555affd697b6f3526%40%3Cissues.spark.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rb40dc9d63a5331bce8e80865b7fa3af9dd31e16555affd697b6f3526%40%3Cissues.spark.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hadoop-common-issues] 20210823 [jira] [Commented] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities #CVE-2015-5237", - "url": "https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765f4d01dce0f1b28@%3Ccommon-issues.hadoop.apache.org%3E" + "url": "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20210828 [jira] [Commented] (HBASE-26234) Protobuf-java-2.5.0.jar Has Several Security Vulnerabilities,CVE-2015-5237,CVE-2019-15544", - "url": "https://lists.apache.org/thread.html/r4ef574a5621b0e670a3ce641e9922543e34f22bf4c9ee9584aa67fcf@%3Cissues.hbase.apache.org%3E" + "url": "https://lists.apache.org/thread.html/rd64381fb8f92d640c1975dc50dcdf1b8512e02a2a7b20292d3565cae%40%3Cissues.hbase.apache.org%3E", + "refsource": "MISC", + "name": 
"https://lists.apache.org/thread.html/rd64381fb8f92d640c1975dc50dcdf1b8512e02a2a7b20292d3565cae%40%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-dev] 20210828 [jira] [Created] (HBASE-26234) Protobuf-java-2.5.0.jar Has Several Security Vulnerabilities,CVE-2015-5237,CVE-2019-15544", - "url": "https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd@%3Cdev.hbase.apache.org%3E" + "url": "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20210828 [jira] [Created] (HBASE-26234) Protobuf-java-2.5.0.jar Has Several Security Vulnerabilities,CVE-2015-5237,CVE-2019-15544", - "url": "https://lists.apache.org/thread.html/rd64381fb8f92d640c1975dc50dcdf1b8512e02a2a7b20292d3565cae@%3Cissues.hbase.apache.org%3E" + "url": "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd%40%3Ccommits.pulsar.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd%40%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hadoop-common-issues] 20210902 [jira] [Updated] (HADOOP-17860) Upgrade third party protobuf-java-2.5.0.jar to address vulnerabilities #CVE-2015-5237, CVE-2019-15544", - "url": "https://lists.apache.org/thread.html/r7fed8dd9bee494094e7011cf3c2ab75bd8754ea314c6734688c42932@%3Ccommon-issues.hadoop.apache.org%3E" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256426" } ] } diff --git a/2015/5xxx/CVE-2015-5246.json b/2015/5xxx/CVE-2015-5246.json index 0c988d365c1..2c47f99fe79 100644 
--- a/2015/5xxx/CVE-2015-5246.json +++ b/2015/5xxx/CVE-2015-5246.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5246", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://projects.theforeman.org/issues/11471", - "refsource": "CONFIRM", - "url": "http://projects.theforeman.org/issues/11471" + "url": "http://projects.theforeman.org/issues/11471", + "refsource": "MISC", + "name": "http://projects.theforeman.org/issues/11471" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700" } ] } diff --git a/2016/7xxx/CVE-2016-7423.json b/2016/7xxx/CVE-2016-7423.json index 3cea39e3f4a..de792f7ec78 100644 --- a/2016/7xxx/CVE-2016-7423.json +++ b/2016/7xxx/CVE-2016-7423.json 
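Review bot: In the `affects` block re-added by the second hunk, `"version_affected": "="` is paired with `"version_value": "n/a"`, which asserts an exact match against a placeholder. A consumer that filters on `version_affected` may read this as naming one specific version when none is known. I would omit the operator on placeholder entries, or use `"version_affected": "?"` if the CVE JSON 4.0 schema in use accepts it (to be confirmed). The same hunk relabels both references from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, so the record no longer marks which links are vendor confirmation. The `=`/`n/a` pairing repeats in the CVE-2016-7423, CVE-2016-7994 and CVE-2016-7995 hunks below.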
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-7423", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "GLSA-201611-11", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201611-11" + "url": "https://security.gentoo.org/glsa/201611-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201611-11" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5" }, { - "name": "92997", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92997" + "url": "http://www.openwall.com/lists/oss-security/2016/09/16/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/09/16/11" }, { - "name": "[qemu-devel] 20160915 [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASRequest object", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html" + "url": "http://www.openwall.com/lists/oss-security/2016/09/16/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/09/16/5" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5" + "url": "http://www.securityfocus.com/bid/92997", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92997" }, { - "name": "[oss-security] 20160916 Re: CVE request Qemu: 
scsi: mptsas: OOB access when freeing MPTSASRequest object", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/09/16/11" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html" }, { - "name": "[oss-security] 20160916 CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/09/16/5" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776" } ] } diff --git a/2016/7xxx/CVE-2016-7994.json b/2016/7xxx/CVE-2016-7994.json index 6762c9cdefa..da2d3b1c899 100644 --- a/2016/7xxx/CVE-2016-7994.json +++ b/2016/7xxx/CVE-2016-7994.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-7994", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
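Review bot: The qemu gitweb reference added in the CVE-2016-7423 references hunk has its separators percent-encoded, `?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5`, where the removed line had a literal `;` between `p=`, `a=` and `h=`. Gitweb uses `;` to separate query parameters, so the encoded form is likely to be read as one long `p` value and the link to the fixing commit may stop resolving. I would keep the URL as it was: `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5"`. The CVE-2016-7995 references hunk further down carries the same encoding on its gitweb link. The names that identified the advisory and list posts (`GLSA-201611-11`, BID `92997`, the `[oss-security]` subjects) are also replaced by bare URLs, which removes the only human-readable labels.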
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "93453", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93453" + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { - "name": "GLSA-201611-11", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201611-11" + "url": "https://security.gentoo.org/glsa/201611-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201611-11" }, { - "name": "[oss-security] 20161007 CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/07/2" + "url": "http://www.openwall.com/lists/oss-security/2016/10/07/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/07/2" }, { - "name": "openSUSE-SU-2016:3237", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/08/3" }, { - "name": "[qemu-devel] 20160919 Re: [PATCH] virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html" + "url": "http://www.securityfocus.com/bid/93453", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93453" }, { - "name": "[oss-security] 20161008 Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d", - "refsource": "MLIST", 
- "url": "http://www.openwall.com/lists/oss-security/2016/10/08/3" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html" } ] } diff --git a/2016/7xxx/CVE-2016-7995.json b/2016/7xxx/CVE-2016-7995.json index 304d8b6d449..5ddd94bd861 100644 --- a/2016/7xxx/CVE-2016-7995.json +++ b/2016/7xxx/CVE-2016-7995.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-7995", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html" + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { - "name": "openSUSE-SU-2016:3237", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b16c129daf0fed91febbb88de23dae8271c8898a", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b16c129daf0fed91febbb88de23dae8271c8898a" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a" + "url": "http://www.openwall.com/lists/oss-security/2016/10/07/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/07/3" }, { - "name": "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/07/3" + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/08/4" }, { - "name": "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", - "refsource": "MLIST", - "url": 
"http://www.openwall.com/lists/oss-security/2016/10/08/4" + "url": "http://www.securityfocus.com/bid/93454", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93454" }, { - "name": "93454", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93454" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html" } ] } diff --git a/2016/8xxx/CVE-2016-8613.json b/2016/8xxx/CVE-2016-8613.json index 76e3b177dd9..a67a68d10a1 100644 --- a/2016/8xxx/CVE-2016-8613.json +++ b/2016/8xxx/CVE-2016-8613.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-8613 foreman: Stored XSS vulnerability in remote execution plugin" + "value": "A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "value": "CWE-79", "cweId": "CWE-79" } ] 
@@ -32,272 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "The Foreman Project", "product": { "product_data": [ { - "product_name": "Red Hat Satellite 6.3 for RHEL 7", + "product_name": "foreman", "version": { "version_data": [ { - "version_value": "0:2.1.14-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.15.6.34-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:201801241201-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.4-1", - "version_affected": "!" - }, - { - "version_value": "1:1.15.6.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.15.6.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.15.6.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.5-15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.5.26-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.13.4.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.13.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.13.4.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.16-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.5-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.9-2.el7sat", - "version_affected": "!" 
- },
- {
- "version_value": "0:0.3.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.6-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.2.1-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.10-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0-23.0.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0.12-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.1.1.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:10.0.2.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.1.5.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.0.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.14-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.11-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.13-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.6-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.6.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.8-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.1-1.fm1_15.el7sat",
- "version_affected": "!"
- }, - { - "version_value": "0:1.0.4.16-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.9-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.5-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.12-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.3.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.5.58-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.10-1.fm1_15.el7sat", - "version_affected": "!" + "version_affected": "=", + "version_value": "1.5.1" } ] } 
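Review bot: The replacement entry `"version_affected": "=", "version_value": "1.5.1"` under product `foreman` marks exactly one version as affected, while the description added in this file's first hunk places the flaw in the remote execution plugin. `1.5.1` also appears in the removed list as `0:1.5.1-1.el7sat`, so it may be a plugin package version and not a Foreman release; the hunk does not settle this. Tools that match on product plus exact version could then miss other affected installs. The removed `"!"` entries were the only machine-readable statement of fixed Red Hat Satellite 6.3 builds, and the later references hunk drops `RHSA-2018:0336` too, so the record no longer points at a fix. The CVE-2016-8634 hunk (`"version_value": "1.14.0"`) follows the same pattern.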
@@ -310,26 +54,11 @@ }, "references": { "reference_data": [ - { - "url": "https://access.redhat.com/errata/RHSA-2018:0336", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2018:0336" - }, { "url": "http://www.securityfocus.com/bid/93859", "refsource": "MISC", "name": "http://www.securityfocus.com/bid/93859" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8613", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8613" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613", "refsource": "MISC", @@ -347,35 +76,8 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Sanket Jagtap (Red Hat)." - } - ], "impact": { "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "version": "2.0" - }, { "attackComplexity": "LOW", "attackVector": "NETWORK", diff --git a/2016/8xxx/CVE-2016-8633.json b/2016/8xxx/CVE-2016-8633.json index 93af42e9f8f..51305830022 100644 --- a/2016/8xxx/CVE-2016-8633.json +++ b/2016/8xxx/CVE-2016-8633.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network." + "value": "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Write", - "cweId": "CWE-787" + "value": "n/a" } ] } @@ -32,42 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.10.0-862.rt56.804.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-862.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:3.10.0-693.47.2.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-693.47.2.rt56.641.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
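Review bot: The description added in the first hunk says the flaw "allows remote attackers to execute arbitrary code" and drops the removed text's limits: the `firewire-net` module must be loaded, and the flaw is reachable "from connected firewire devices, but not over a local network". Read alone, the new wording overstates exposure for triage. The next hunk replaces `"value": "Out-of-bounds Write", "cweId": "CWE-787"` with `"value": "n/a"`, so the weakness class is no longer machine-readable. I would keep the `cweId` line and restore the hardware precondition in the description, for example "requires the firewire-net module and an attached FireWire device". The affected range also changes from "since version 2.6.31 ... till version v4.9-rc4" to "before 4.8.7", which nothing in the hunk reconciles.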
@@ -120,16 +93,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2019:1190" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8633", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8633" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490" - }, { "url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/", "refsource": "MISC", 
@@ -139,51 +102,11 @@ "url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac", "refsource": "MISC", "name": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Eyal Itkin for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "LOCAL", - "authentication": "NONE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 5.9, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:C", - "version": "2.0" }, { - "attackComplexity": "LOW", - "attackVector": "PHYSICAL", - "availabilityImpact": "HIGH", - "baseScore": 6.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490" } ] } diff --git a/2016/8xxx/CVE-2016-8634.json b/2016/8xxx/CVE-2016-8634.json index e8150891078..92786e8fbb9 100644 --- a/2016/8xxx/CVE-2016-8634.json +++ b/2016/8xxx/CVE-2016-8634.json 
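Review bot: The CVE-2016-8633 hunk deletes the whole `impact` object, including the v3.0 vector `CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` with base score 6.8. With the description now reading "remote attackers", that `AV:P` value was the only structured field saying physical access is required. Tooling that ranks by CVSS is left with no score, and analysts with no attack-vector hint. I would retain at least the v3.0 entry. The `credits` entry for the reporter is removed in the same hunk.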
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-8634 foreman: Stored XSS in org/loc wizard" + "value": "A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "value": "CWE-79", "cweId": "CWE-79" } ] 
@@ -32,272 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "The Foreman Project", "product": { "product_data": [ { - "product_name": "Red Hat Satellite 6.3 for RHEL 7", + "product_name": "foreman", "version": { "version_data": [ { - "version_value": "0:2.1.14-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.15.6.34-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:201801241201-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.4-1", - "version_affected": "!" - }, - { - "version_value": "1:1.15.6.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.15.6.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.15.6.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.5-15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.5.26-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.13.4.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.13.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.13.4.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.16-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.5-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.9-2.el7sat", - "version_affected": "!" 
- },
- {
- "version_value": "0:0.3.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.6-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.2.1-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.4-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.10-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.9-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0-23.0.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.3.0.12-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.1.1.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:10.0.2.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.1.5.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.0.3-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.14-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.11-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.13-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.7.2-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.6-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.6.4-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.8-1.fm1_15.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.1-1.fm1_15.el7sat",
- "version_affected": "!"
- }, - { - "version_value": "0:1.0.4.16-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.9-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.5-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.12-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.3.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.4.5.58-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.fm1_15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.10-1.fm1_15.el7sat", - "version_affected": "!" + "version_affected": "=", + "version_value": "1.14.0" } ] } 
@@ -310,26 +54,11 @@ }, "references": { "reference_data": [ - { - "url": "https://access.redhat.com/errata/RHSA-2018:0336", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2018:0336" - }, { "url": "http://www.securityfocus.com/bid/94206", "refsource": "MISC", "name": "http://www.securityfocus.com/bid/94206" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8634", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8634" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391520" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8634", "refsource": "MISC", @@ -342,35 +71,8 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Sanket Jagtap (Red Hat)." - } - ], "impact": { "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.9, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "version": "2.0" - }, { "attackComplexity": "LOW", "attackVector": "NETWORK", diff --git a/2016/8xxx/CVE-2016-8635.json b/2016/8xxx/CVE-2016-8635.json index e6cb6db994a..9b3ea74687d 100644 --- a/2016/8xxx/CVE-2016-8635.json +++ b/2016/8xxx/CVE-2016-8635.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8635", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "nss", - "version": { - "version_data": [ - { - "version_value": "3.21.x" - } - ] - } - } - ] - }, - "vendor_name": "Mozilla" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,55 +15,82 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" - } - ], - [ - { - "vectorString": "4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-358" + "value": "CWE-358", + "cweId": "CWE-358" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "nss", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.21.x" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" }, { - "name": "RHSA-2016:2779", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" + "url": "http://www.securityfocus.com/bid/94346", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94346" }, { - "name": "GLSA-201701-46", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-46" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635" }, { - "name": "94346", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94346" + "url": "https://security.gentoo.org/glsa/201701-46", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-46" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + 
"integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8643.json b/2016/8xxx/CVE-2016-8643.json index 479f90e8f6e..c7627f1dd4b 100644 --- a/2016/8xxx/CVE-2016-8643.json +++ b/2016/8xxx/CVE-2016-8643.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8643", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Moodle 2.x and 3.x", - "version": { - "version_data": [ - { - "version_value": "Moodle 2.x and 3.x" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Moodle 2.x and 3.x", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Moodle 2.x and 3.x" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "94457", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94457" + "url": "http://www.securityfocus.com/bid/94457", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94457" }, { - "name": "https://moodle.org/mod/forum/discuss.php?d=343276", - "refsource": "CONFIRM", - "url": "https://moodle.org/mod/forum/discuss.php?d=343276" + "url": "https://moodle.org/mod/forum/discuss.php?d=343276", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=343276" } ] } 
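Review bot: In the references hunk of CVE-2016-8635.json (`@@ -38,55 +15,82 @@`), every entry now has `"refsource": "MISC"` and a `name` that only repeats the URL. The old entries carried the advisory identifiers `RHSA-2016:2779` and `GLSA-201701-46`, BID `94346`, and a `CONFIRM` marking on the Red Hat Bugzilla link; all of these are lost. Tooling that correlates a CVE with vendor advisories by identifier, or that reads `CONFIRM` as vendor acknowledgement, loses that signal. I would keep the typed form where it is known, e.g. `"name": "RHSA-2016:2779", "refsource": "REDHAT"`. The same flattening appears in the references hunks of CVE-2016-8643, -8644, -8653, -9103, -9104, -9105, -9584, -9585 and -9605 in this commit.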
diff --git a/2016/8xxx/CVE-2016-8644.json b/2016/8xxx/CVE-2016-8644.json index 5d10fd02458..f44b5dfb8d7 100644 --- a/2016/8xxx/CVE-2016-8644.json +++ b/2016/8xxx/CVE-2016-8644.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8644", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Moodle 2.x and 3.x", - "version": { - "version_data": [ - { - "version_value": "Moodle 2.x and 3.x" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Moodle 2.x and 3.x", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Moodle 2.x and 3.x" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://moodle.org/mod/forum/discuss.php?d=343277", - "refsource": "CONFIRM", - "url": "https://moodle.org/mod/forum/discuss.php?d=343277" + "url": "http://www.securityfocus.com/bid/94458", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94458" }, { - "name": "94458", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94458" + "url": "https://moodle.org/mod/forum/discuss.php?d=343277", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=343277" } ] } diff --git a/2016/8xxx/CVE-2016-8645.json b/2016/8xxx/CVE-2016-8645.json index a29aad19d26..f13b9ce063f 100644 --- a/2016/8xxx/CVE-2016-8645.json +++ b/2016/8xxx/CVE-2016-8645.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash." + "value": "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Reachable Assertion", - "cweId": "CWE-617" + "value": "n/a" } ] } @@ -32,31 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.10.0-693.rt56.617.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-693.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-693.2.1.rt56.585.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
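Review bot: In the `@@ -21,8 +21,7 @@` hunk of CVE-2016-8645.json the problem type becomes `"value": "n/a"` and the `cweId` key is dropped, so the record no longer carries a weakness class that consumers can filter or aggregate on. If CWE-617 is still considered accurate for the rewritten description, keep `"value": "Reachable Assertion",` and `"cweId": "CWE-617"`. The matching hunk in CVE-2016-8655.json drops `CWE-416` although its new description still names a use-after-free, so the classification there looks removed by the sync rather than corrected.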
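Review bot: The new `affects` entry in the `@@ -32,31 +31,16 @@` hunk of CVE-2016-8645.json pairs `"version_affected": "="` with `"version_value": "n/a"`, and vendor and product are `n/a` too. The structured data therefore asserts equality with a placeholder, while the new description in the first hunk says "Linux kernel before 4.8.10". Scanners and SBOM matchers that work from `affects` rather than the free text cannot match this record. If the description is authoritative, the version entry could read `"version_affected": "<",` `"version_value": "4.8.10"` with real vendor and product names. CVE-2016-8655.json has the same placeholder next to a description that says "through 4.8.12".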
@@ -115,64 +99,14 @@ "name": "https://access.redhat.com/errata/RHSA-2017:2077" }, { - "url": "https://access.redhat.com/security/cve/CVE-2016-8645", + "url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8645" + "name": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904" - }, - { - "url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3", - "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Marco Grassi for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "LOCAL", - "authentication": "NONE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.9, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 6.2, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" } ] } 
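Review bot: As far as this hunk shows, CVE-2016-8645.json ends up with no `impact` object. The CVSS 2.0 entry (4.9, `AV:L/AC:L/Au:N/C:N/I:N/A:C`) and the CVSS 3.0 entry (6.2, `CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`) are both removed, together with the `credits` array, and nothing replaces them. Consumers that triage by base score will see the record as unscored. Other files in this commit keep or gain a flat 3.0 entry (CVE-2016-8635.json, for one), so retaining the 3.0 object here would be consistent. The last hunk of CVE-2016-8655.json removes its `impact` block the same way, on a record whose references still list an exploit-db entry, so an unscored state there is the more likely one to cause mis-prioritisation.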
diff --git a/2016/8xxx/CVE-2016-8653.json b/2016/8xxx/CVE-2016-8653.json index 72f73e3c89f..abb9ba69bcf 100644 --- a/2016/8xxx/CVE-2016-8653.json +++ b/2016/8xxx/CVE-2016-8653.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8653", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Fuse", - "version": { - "version_data": [ - { - "version_value": "6" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,45 +15,72 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" - } - ], - [ - { - "vectorString": "5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-502" + "value": "CWE-502", + "cweId": "CWE-502" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Fuse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653" + "url": "http://www.securityfocus.com/bid/94544", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94544" }, { - "name": "94544", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94544" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8655.json b/2016/8xxx/CVE-2016-8655.json index a9c7e72aa1e..75ca547b4de 100644 --- a/2016/8xxx/CVE-2016-8655.json +++ b/2016/8xxx/CVE-2016-8655.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system." + "value": "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Use After Free", - "cweId": "CWE-416" + "value": "n/a" } ] } @@ -32,31 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.10.0-514.10.2.rt56.435.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-514.10.2.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-514.rt56.215.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -79,16 +63,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2017-0387.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0386", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0386" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0387", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0387" - }, { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c", "refsource": "MISC", @@ -224,21 +198,6 @@ "refsource": "MISC", "name": "http://www.ubuntu.com/usn/USN-3152-2" }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0402", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0402" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8655", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8655" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019" - }, { "url": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c", "refsource": "MISC", 
@@ -258,51 +217,11 @@ "url": "https://www.exploit-db.com/exploits/44696/", "refsource": "MISC", "name": "https://www.exploit-db.com/exploits/44696/" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Philip Pettersson for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "LOCAL", - "authentication": "SINGLE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.6, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "COMPLETE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "COMPLETE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", - "version": "2.0" }, { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019" } ] } diff --git a/2016/9xxx/CVE-2016-9103.json b/2016/9xxx/CVE-2016-9103.json index eef109f0cd7..276332f2d3b 100644 --- a/2016/9xxx/CVE-2016-9103.json +++ b/2016/9xxx/CVE-2016-9103.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9103", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[qemu-devel] 20161010 Re: [PATCH 1/2] 9pfs: fix information leak in xattr read", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "GLSA-201611-11", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201611-11" + "url": "https://security.gentoo.org/glsa/201611-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201611-11" }, { - "name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: information leakage via xattribute", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/30/7" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb687602853b4ae656e9236ee4222609f3a6887d", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb687602853b4ae656e9236ee4222609f3a6887d" }, { - "name": "[oss-security] 20161028 CVE request Qemu: 9pfs: information leakage via xattribute", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/28/1" + "url": "http://www.openwall.com/lists/oss-security/2016/10/28/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/28/1" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d" + "url": 
"http://www.openwall.com/lists/oss-security/2016/10/30/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/30/7" }, { - "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "http://www.securityfocus.com/bid/93955", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93955" }, { - "name": "93955", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93955" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html" } ] } diff --git a/2016/9xxx/CVE-2016-9104.json b/2016/9xxx/CVE-2016-9104.json index bc10f344703..01b9a32bd65 100644 --- a/2016/9xxx/CVE-2016-9104.json +++ b/2016/9xxx/CVE-2016-9104.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9104", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
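Review bot: In the references hunk of CVE-2016-9103.json (`@@ -50,42 +27,66 @@`), the added QEMU gitweb entry writes the query separators as `%3B` (`?p=qemu.git%3Ba=commit%3Bh=`), where the removed line had literal `;`. gitweb separates `p`, `a` and `h` with `;`, so the encoded string is presumably read as one project name and the link no longer leads to the fix commit. Keep the literal form in both `url` and `name`: `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d"`. The same encoding appears in the references hunk of CVE-2016-9105.json for commit `4c1586787ff43c9acd18a56c12d720e3e6be9f7c`.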
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "93956", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93956" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "GLSA-201611-11", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201611-11" + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { - "name": "openSUSE-SU-2016:3237", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + "url": "https://security.gentoo.org/glsa/201611-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201611-11" }, { - "name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/30/8" + "url": "http://www.openwall.com/lists/oss-security/2016/10/28/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/28/2" }, { - "name": "[oss-security] 20161028 CVE request Qemu: 9pfs: integer overflow leading to OOB access", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/28/2" + "url": "http://www.openwall.com/lists/oss-security/2016/10/30/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/30/8" }, { - "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": 
"MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "http://www.securityfocus.com/bid/93956", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93956" }, { - "name": "[qemu-devel] 20161013 Re: [PATCH v3 3/3] 9pfs: fix integer overflow issue in xattr read/write", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html" } ] } diff --git a/2016/9xxx/CVE-2016-9105.json b/2016/9xxx/CVE-2016-9105.json index 845fe1540ac..e11c921d8d5 100644 --- a/2016/9xxx/CVE-2016-9105.json +++ b/2016/9xxx/CVE-2016-9105.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9105", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "93965", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93965" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "[qemu-devel] 20161012 Re: [PATCH] 9pfs: fix memory leak in v9fs_link", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html" + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { - "name": "GLSA-201611-11", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201611-11" + "url": "https://security.gentoo.org/glsa/201611-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201611-11" }, { - "name": "openSUSE-SU-2016:3237", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4c1586787ff43c9acd18a56c12d720e3e6be9f7c", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4c1586787ff43c9acd18a56c12d720e3e6be9f7c" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c" + "url": "http://www.openwall.com/lists/oss-security/2016/10/28/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/28/3" }, { - "name": 
"[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "http://www.openwall.com/lists/oss-security/2016/10/30/9", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/30/9" }, { - "name": "[oss-security] 20161028 CVE request Qemu: memory leakage in v9fs_link", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/28/3" + "url": "http://www.securityfocus.com/bid/93965", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93965" }, { - "name": "[oss-security] 20161030 Re: CVE request Qemu: memory leakage in v9fs_link", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/30/9" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html" } ] } diff --git a/2016/9xxx/CVE-2016-9573.json b/2016/9xxx/CVE-2016-9573.json index 12f5431eb65..8d92f5923ac 100644 --- a/2016/9xxx/CVE-2016-9573.json +++ b/2016/9xxx/CVE-2016-9573.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap." + "value": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Read", + "value": "CWE-125", "cweId": "CWE-125" } ] 
@@ -32,16 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "The OpenJPEG Project", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "openjpeg", "version": { "version_data": [ { - "version_value": "0:1.5.1-16.el7_3", - "version_affected": "!" + "version_affected": "=", + "version_value": "2.1.2" } ] } @@ -79,21 +79,6 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/97073" }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0838", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0838" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-9573", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-9573" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402711", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402711" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573", "refsource": "MISC", @@ -106,35 +91,8 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue." - } - ], "impact": { "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "version": "2.0" - }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", 
diff --git a/2016/9xxx/CVE-2016-9584.json b/2016/9xxx/CVE-2016-9584.json index 9bdd05b819e..f1239895395 100644 --- a/2016/9xxx/CVE-2016-9584.json +++ b/2016/9xxx/CVE-2016-9584.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9584", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20161215 CVE-2016-9584: heap use-after-free on libical", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/15/5" + "url": "http://www.openwall.com/lists/oss-security/2016/12/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/15/5" }, { - "name": "94948", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94948" + "url": "http://www.securityfocus.com/bid/94948", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94948" } ] } diff --git a/2016/9xxx/CVE-2016-9585.json b/2016/9xxx/CVE-2016-9585.json index 9a8f2ad1959..c6efb3c5756 100644 --- a/2016/9xxx/CVE-2016-9585.json +++ b/2016/9xxx/CVE-2016-9585.json 
@@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2016-12-13T00:00:00", "ID": "CVE-2016-9585", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "EAP-5", - "version": { - "version_data": [ - { - "version_value": "EAP-5" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-502" + "value": "CWE-502", + "cweId": "CWE-502" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "EAP-5", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "EAP-5" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528" + "url": "http://www.securityfocus.com/bid/94932", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94932" }, { - "name": "94932", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94932" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404528" } ] } diff --git a/2016/9xxx/CVE-2016-9605.json b/2016/9xxx/CVE-2016-9605.json index 59dacab194d..477d88ff134 100644 --- a/2016/9xxx/CVE-2016-9605.json +++ b/2016/9xxx/CVE-2016-9605.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9605", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "cobbler", - "version": { - "version_data": [ - { - "version_value": "2.6.11-1" - } - ] - } - } - ] - }, - "vendor_name": "The cobbler Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,34 +15,67 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79" + "value": "CWE-79", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The cobbler Project", + "product": { + "product_data": [ + { + "product_name": "cobbler", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.6.11-1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" } ] } diff --git a/2016/9xxx/CVE-2016-9773.json b/2016/9xxx/CVE-2016-9773.json index 8de8cc25a2c..61502a4ee85 100644 --- a/2016/9xxx/CVE-2016-9773.json +++ b/2016/9xxx/CVE-2016-9773.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9773", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556." + "value": "Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556." } ] }, 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/", + "url": "http://www.openwall.com/lists/oss-security/2016/12/01/4", "refsource": "MISC", - "url": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/" + "name": "http://www.openwall.com/lists/oss-security/2016/12/01/4" }, { - "name": "[oss-security] 20161202 Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/02/12" + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/02/11" }, { - "name": "[oss-security] 20161201 imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/01/4" + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/12", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/02/12" }, { - "name": "[oss-security] 20161202 Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/02/11" + "url": 
"https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/", + "refsource": "MISC", + "name": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/" } ] } diff --git a/2016/9xxx/CVE-2016-9845.json b/2016/9xxx/CVE-2016-9845.json index f75410f83ae..129e68fe71b 100644 --- a/2016/9xxx/CVE-2016-9845.json +++ b/2016/9xxx/CVE-2016-9845.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9845", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20161205 Re: CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/05/22" + "url": "https://security.gentoo.org/glsa/201701-49", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-49" }, { - "name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix information leak in getting capset info dispatch", - "refsource": "MLIST", - "url": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html" + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/15", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/05/15" }, { - "name": "GLSA-201701-49", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-49" + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/22", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/05/22" }, { - "name": "94763", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94763" + "url": "http://www.securityfocus.com/bid/94763", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94763" }, { - "name": "[oss-security] 20161205 CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/05/15" + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html", + "refsource": "MISC", + "name": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html" } ] } 
diff --git a/2016/9xxx/CVE-2016-9913.json b/2016/9xxx/CVE-2016-9913.json index 4bd4c236a51..fac21fd263e 100644 --- a/2016/9xxx/CVE-2016-9913.json +++ b/2016/9xxx/CVE-2016-9913.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9913", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "94729", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94729" + "url": "https://security.gentoo.org/glsa/201701-49", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-49" }, { - "name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42" }, { - "name": "GLSA-201701-49", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-49" + "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/06/11" }, { - "name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11" + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/08/7" }, { - "name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7" + "url": "http://www.securityfocus.com/bid/94729", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94729" }, { - "name": 
"http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" } ] } diff --git a/2016/9xxx/CVE-2016-9914.json b/2016/9xxx/CVE-2016-9914.json index f8a8e309bc8..cd848afee08 100644 --- a/2016/9xxx/CVE-2016-9914.json +++ b/2016/9xxx/CVE-2016-9914.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9914", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
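Review bot: The new `url` for the QEMU fix commit in CVE-2016-9913 percent-encodes the gitweb separators, `?p=qemu.git%3Ba=commit%3Bh=4774718e…`, where the removed entry had `?p=qemu.git;a=commit;h=…`. In that query string `;` is a reserved character acting as the parameter delimiter, and `%3B` is not equivalent to it, so the link probably no longer selects the commit and the pointer to the fix is lost for anyone following it. Keep the literal form, `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42"`, and the same for `name`. The same encoding is introduced in the reference hunks of CVE-2016-9914, CVE-2016-9915 and CVE-2017-5931.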
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { - "name": "94729", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94729" + "url": "https://security.gentoo.org/glsa/201701-49", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-49" }, { - "name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" + "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/06/11" }, { - "name": "GLSA-201701-49", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-49" + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/08/7" }, { - "name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11" + "url": "http://www.securityfocus.com/bid/94729", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94729" }, { - "name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via 
proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d" } ] } diff --git a/2016/9xxx/CVE-2016-9915.json b/2016/9xxx/CVE-2016-9915.json index c07ca1674f1..8ed2d3ca0e1 100644 --- a/2016/9xxx/CVE-2016-9915.json +++ b/2016/9xxx/CVE-2016-9915.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9915", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { - "name": "94729", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94729" + "url": "https://security.gentoo.org/glsa/201701-49", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-49" }, { - "name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" + "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/06/11" }, { - "name": "GLSA-201701-49", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-49" + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/08/7" }, { - "name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11" + "url": "http://www.securityfocus.com/bid/94729", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94729" }, { - "name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via 
proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30" } ] } diff --git a/2016/9xxx/CVE-2016-9923.json b/2016/9xxx/CVE-2016-9923.json index 51bad595170..4012b2af314 100644 --- a/2016/9xxx/CVE-2016-9923.json +++ b/2016/9xxx/CVE-2016-9923.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9923", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,22 +27,46 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20161209 Re: CVE request Qemu: char: use after free issue in char backend", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/09/2" + "url": "https://security.gentoo.org/glsa/201701-49", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-49" }, { - "name": "GLSA-201701-49", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-49" + "url": "http://www.openwall.com/lists/oss-security/2016/12/09/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/09/2" }, { - "name": "94827", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94827" + "url": "http://www.securityfocus.com/bid/94827", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94827" } ] } diff --git a/2017/5xxx/CVE-2017-5885.json b/2017/5xxx/CVE-2017-5885.json index bc14dacf81b..6e38ecd30e5 100644 --- a/2017/5xxx/CVE-2017-5885.json +++ b/2017/5xxx/CVE-2017-5885.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library." + "value": "Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow." } ] }, 
@@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Integer Overflow or Wraparound", - "cweId": "CWE-190" + "value": "n/a" } ] } @@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:0.7.0-2.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -79,44 +78,16 @@ "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-5885", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-5885" - }, { "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778050", "refsource": "MISC", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=778050" }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418952", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418952" - }, { "url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e", "refsource": "MISC", "name": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e" } ] - }, - "impact": { - "cvss": [ - { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3.1, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5886.json b/2017/5xxx/CVE-2017-5886.json index 0fa48aa0e87..b9de932f5be 100644 --- a/2017/5xxx/CVE-2017-5886.json 
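Review bot: The `problemtype` hunk of CVE-2017-5885 replaces `Integer Overflow or Wraparound` with `"value": "n/a"` and drops `"cweId": "CWE-190"`, although the description restored in the first hunk still reads "Multiple integer overflows" that trigger a buffer overflow. Together with the `affects` hunk, which removes the `0:0.7.0-2.el7` entry, and the last hunk, which deletes the whole `impact.cvss` block, the record keeps no machine-readable weakness, version or severity data. If the return to the original description is intended, the weakness mapping can still stay, in the form the other records in this patch use: `"value": "CWE-190",` and `"cweId": "CWE-190"`. The new text also adds "possibly execute arbitrary code", which the removed 3.1 score (`C:N/I:N/A:L`) did not reflect, so a rescored `impact` entry seems warranted rather than none.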
+++ b/2017/5xxx/CVE-2017-5886.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-5886", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/", + "url": "http://www.securityfocus.com/bid/96512", "refsource": "MISC", - "url": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/" + "name": "http://www.securityfocus.com/bid/96512" }, { - "name": "96512", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/96512" + "url": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/", + "refsource": "MISC", + "name": "https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/" } ] } diff --git a/2017/5xxx/CVE-2017-5931.json b/2017/5xxx/CVE-2017-5931.json index d0dc6336e66..8228718862d 100644 --- a/2017/5xxx/CVE-2017-5931.json +++ b/2017/5xxx/CVE-2017-5931.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-5931", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[qemu-devel] 20170110 [PULL 03/41] virtio-crypto: fix possible integer and heap overflow", - "refsource": "MLIST", - "url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html" + "url": "https://security.gentoo.org/glsa/201702-28", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201702-28" }, { - "name": "96141", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/96141" + "url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4", + "refsource": "MISC", + "name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4" }, { - "name": "GLSA-201702-28", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201702-28" + "url": "http://www.openwall.com/lists/oss-security/2017/02/08/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/02/08/2" }, { - "name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4", - "refsource": "CONFIRM", - "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4" + "url": "http://www.securityfocus.com/bid/96141", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/96141" }, { - "name": "[oss-security] 20170207 Re: CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/02/08/2" + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html", + "refsource": "MISC", + "name": 
"https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092" } ] } diff --git a/2017/5xxx/CVE-2017-5932.json b/2017/5xxx/CVE-2017-5932.json index 2d0210b3496..9190bc9c5ee 100644 --- a/2017/5xxx/CVE-2017-5932.json +++ b/2017/5xxx/CVE-2017-5932.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-5932", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715", - "refsource": "CONFIRM", - "url": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715" + "url": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715", + "refsource": "MISC", + "name": "http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715" }, { - "name": "[bug-bash] 20170120 Bash-4.4 Official Patch 7", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html" + "url": "http://www.openwall.com/lists/oss-security/2017/02/08/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/02/08/3" }, { - "name": "[oss-security] 20170207 Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/02/08/3" + "url": "http://www.securityfocus.com/bid/96136", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/96136" }, { - "name": "96136", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/96136" + "url": "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html" } ] } diff --git a/2017/5xxx/CVE-2017-5937.json b/2017/5xxx/CVE-2017-5937.json index 724a9e2f030..5aee4e1c3a3 100644 --- a/2017/5xxx/CVE-2017-5937.json +++ b/2017/5xxx/CVE-2017-5937.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-5937", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246" + "url": "http://www.openwall.com/lists/oss-security/2017/02/09/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/02/09/4" }, { - "name": "96180", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/96180" + "url": "http://www.securityfocus.com/bid/96180", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/96180" }, { - "name": "[oss-security] 20170208 Re: CVE request virglrenderer: null pointer dereference in vrend_clear", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/02/09/4" + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282", + "refsource": "MISC", + "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282" }, { - "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282", - "refsource": "CONFIRM", - "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246" } ] } diff --git a/2017/7xxx/CVE-2017-7464.json b/2017/7xxx/CVE-2017-7464.json index 89504272f32..7ef8e122019 100644 --- a/2017/7xxx/CVE-2017-7464.json +++ b/2017/7xxx/CVE-2017-7464.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7464", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "JBoss", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,45 +15,72 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "8.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", - "version": "3.0" - } - ], - [ - { - "vectorString": "4/AV:N/AC:H/Au:N/C:P/I:N/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-611" + "value": "CWE-611", + "cweId": "CWE-611" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "JBoss", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464" + "url": "http://www.securityfocus.com/bid/98450", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98450" }, { - "name": "98450", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98450" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "version": "3.0" } ] } diff --git a/2017/7xxx/CVE-2017-7465.json b/2017/7xxx/CVE-2017-7465.json index 034db6459e3..bdd1b958379 100644 --- a/2017/7xxx/CVE-2017-7465.json +++ b/2017/7xxx/CVE-2017-7465.json 
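Review bot: The new `impact.cvss` array in CVE-2017-7464.json carries only the CVSS 3.0 entry; the 2.0 vector on the removed side (`4/AV:N/AC:H/Au:N/C:P/I:N/A:P`) is dropped rather than normalised the way the 3.0 one was. Tooling that still prioritises on v2 scores loses its input for this record. If v2 data is meant to survive the sync, a second entry such as `{ "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:P", "version": "2.0" }` would preserve it, though whether the target schema accepts that form needs confirming. CVE-2017-7465.json drops its v2 vector the same way.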
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7465", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jboss", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,45 +15,72 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "9.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - ], - [ - { - "vectorString": "5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-611" + "value": "CWE-611", + "cweId": "CWE-611" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "jboss", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465" + "url": "http://www.securityfocus.com/bid/97605", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/97605" }, { - "name": "97605", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/97605" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" } ] } diff --git a/2017/7xxx/CVE-2017-7470.json b/2017/7xxx/CVE-2017-7470.json index 813b5dea3f0..6a43b6fda8f 100644 --- a/2017/7xxx/CVE-2017-7470.json +++ b/2017/7xxx/CVE-2017-7470.json 
@@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Incorrect Authorization", + "value": "CWE-863", "cweId": "CWE-863" } ] @@ -32,27 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "[UNKNOWN]", "product": { "product_data": [ { - "product_name": "Red Hat Satellite 5.6", + "product_name": "spacewalk-backend", "version": { "version_data": [ { - "version_value": "0:2.0.3-45.el6sat", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Satellite 5.7", - "version": { - "version_data": [ - { - "version_value": "0:2.3.3-49.el6sat", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -75,16 +64,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2017:1259" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-7470", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-7470" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439622", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1439622" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470", "refsource": "MISC", @@ -92,12 +71,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Bert Stel (SUSE) for reporting this issue." - } - ], "impact": { "cvss": [ { diff --git a/2017/7xxx/CVE-2017-7471.json b/2017/7xxx/CVE-2017-7471.json index 48de9229ad7..fbca669c438 100644 --- a/2017/7xxx/CVE-2017-7471.json +++ b/2017/7xxx/CVE-2017-7471.json 
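Review bot: The `version_data` rewrite in CVE-2017-7470.json replaces the two fixed-build entries (`0:2.0.3-45.el6sat` and `0:2.3.3-49.el6sat`, both with `"version_affected": "!"`) with a single `"version_value": "n/a"`, so the record can no longer tell a patch-verification job which Red Hat Satellite 5.6 and 5.7 builds carry the fix. Keeping those entries next to the new `spacewalk-backend` product, e.g. `{ "version_value": "0:2.0.3-45.el6sat", "version_affected": "!" }`, would retain that. The later hunks of this file also remove the credit line and two Red Hat links. The fixed-build data is lost in the same way in CVE-2017-7472.json, CVE-2017-7477.json and CVE-2017-7488.json.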
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7471", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e", - "refsource": "CONFIRM", - "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e" + "url": "http://www.openwall.com/lists/oss-security/2017/04/19/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/04/19/2" }, { - "name": "GLSA-201706-03", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201706-03" + "url": "http://www.securityfocus.com/bid/97970", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/97970" }, { - "name": "97970", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/97970" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471" + "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e", + "refsource": "MISC", + "name": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e" }, { - "name": "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/04/19/2" + "url": "https://security.gentoo.org/glsa/201706-03", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201706-03" } ] } 
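Review bot: The gitweb reference in CVE-2017-7471.json is rewritten with its `;` separators percent-encoded (`?p=qemu.git%3Ba=commitdiff%3Bh=…`), which likely breaks the link to the fix commit. Gitweb uses `;` to separate query parameters, so the encoded form is probably read as one long `p` value instead of project, action and hash; this is inferred from the URL shape, not tested. I would keep the original form, `"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e"`, and the matching `name`. The git.savannah.gnu.org reference in CVE-2017-7476.json is encoded the same way.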
diff --git a/2017/7xxx/CVE-2017-7472.json b/2017/7xxx/CVE-2017-7472.json index ff6d82f432a..001de8e43a5 100644 --- a/2017/7xxx/CVE-2017-7472.json +++ b/2017/7xxx/CVE-2017-7472.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS." + "value": "The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Uncontrolled Resource Consumption", - "cweId": "CWE-400" + "value": "exhaust kernel memory" } ] } @@ -32,31 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "Linux kernel before 4.10.13", "version": { "version_data": [ { - "version_value": "0:3.10.0-693.17.1.rt56.636.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-693.17.1.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-693.17.1.rt56.604.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "Linux kernel before 4.10.13" } ] } 
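Review bot: The `problemtype` hunk in CVE-2017-7472.json removes `"cweId": "CWE-400"` and leaves only the free-text value `exhaust kernel memory`, which no CWE-keyed filter or weakness report will match. Keeping the identifier next to the new text, `"value": "exhaust kernel memory", "cweId": "CWE-400"`, retains the classification. CVE-2017-7477.json (CWE-122 replaced by `heap overflow`) and CVE-2017-7488.json (CWE-200 replaced by `Information exposure`) lose theirs in the same way.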
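Review bot: In the `affects` hunk of CVE-2017-7472.json the new entry pairs `"version_affected": "="` with `"version_value": "Linux kernel before 4.10.13"`, an exact-match operator on a string that describes a range. A matcher that honours the operator compares installed versions against that literal and will not flag an affected kernel. Expressing the bound structurally avoids that: `"product_name": "Linux kernel"` with `"version_affected": "<", "version_value": "4.10.13"`. The same pairing appears in CVE-2017-7476.json (`Gnulib before 2017-04-26`), CVE-2017-7477.json (`Linux kernel`) and CVE-2017-7487.json (`Linux kernel through 4.11.1`).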
@@ -109,21 +93,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2018:0181" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-7472", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-7472" - }, { "url": "https://bugzilla.novell.com/show_bug.cgi?id=1034862", "refsource": "MISC", "name": "https://bugzilla.novell.com/show_bug.cgi?id=1034862" }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086" - }, { "url": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b", "refsource": "MISC", @@ -148,24 +122,11 @@ "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13", "refsource": "MISC", "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13" - } - ] - }, - "impact": { - "cvss": [ + }, { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086" } ] } diff --git a/2017/7xxx/CVE-2017-7475.json b/2017/7xxx/CVE-2017-7475.json index d43260cbf3d..bdb91f4bebf 100644 --- a/2017/7xxx/CVE-2017-7475.json +++ b/2017/7xxx/CVE-2017-7475.json 
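Review bot: The last hunk of CVE-2017-7472.json deletes the whole `impact` object (CVSS 3.0 base score 5.5, `CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`) and adds nothing in its place, so the synchronized record has no severity at all. Triage rules that key on `baseScore` or `baseSeverity` will either skip this CVE or fall back to a default. I would leave the existing `"impact": { "cvss": [ … ] }` block in place after `references`, unchanged. CVE-2017-7477.json (score 8.1) and CVE-2017-7488.json (score 5.3) lose their `impact` blocks in the same way.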
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7475", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cairo", - "version": { - "version_data": [ - { - "version_value": "1.15.4" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "Cairo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.15.4" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugs.freedesktop.org/show_bug.cgi?id=100763", + "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "refsource": "MISC", - "url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763" + "name": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { - "name": "[oss-security] 20170428 CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2017/q2/151" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475", + "url": "http://seclists.org/oss-sec/2017/q2/151", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475" + "name": "http://seclists.org/oss-sec/2017/q2/151" }, { - "refsource": "MLIST", - "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", - "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763", + "refsource": "MISC", + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=100763" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475" } ] } diff --git a/2017/7xxx/CVE-2017-7476.json b/2017/7xxx/CVE-2017-7476.json index 57d06d32760..2fc2f9e0aa7 100644 
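Review bot: The new `reference_data` list in CVE-2017-7475.json leads with the lists.apache.org mina-dev thread and replaces its title with the URL, which hides that the link looks unrelated to this record. The removed title was "[jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", and this record describes Cairo 1.15.4, so the entry may be mis-filed; that is inferred from the title alone and should be confirmed. Either drop the entry or keep its `name` and `"refsource": "MLIST"` so the mismatch stays visible. The URL is also rewritten with `@` as `%40`, which is worth a link check.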
--- a/2017/7xxx/CVE-2017-7476.json +++ b/2017/7xxx/CVE-2017-7476.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7476", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Gnulib before 2017-04-26", - "version": { - "version_data": [ - { - "version_value": "Gnulib before 2017-04-26" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Gnulib before 2017-04-26", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Gnulib before 2017-04-26" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://security-tracker.debian.org/tracker/CVE-2017-7476", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2017-7476" + "url": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git%3Ba=commit%3Bh=94e01571507835ff59dd8ce2a0b56a4b566965a4", + "refsource": "MISC", + "name": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git%3Ba=commit%3Bh=94e01571507835ff59dd8ce2a0b56a4b566965a4" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185" + "url": "http://www.securityfocus.com/bid/98098", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98098" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774" }, { - "name": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4", - "refsource": "CONFIRM", - "url": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4" + "url": "https://security-tracker.debian.org/tracker/CVE-2017-7476", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2017-7476" }, { - "name": "98098", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98098" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185", + "refsource": "MISC", 
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185" } ] } diff --git a/2017/7xxx/CVE-2017-7477.json b/2017/7xxx/CVE-2017-7477.json index 161da3ae8bf..bc292d2a85c 100644 --- a/2017/7xxx/CVE-2017-7477.json +++ b/2017/7xxx/CVE-2017-7477.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system." + "value": "Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Heap-based Buffer Overflow", - "cweId": "CWE-122" + "value": "heap overflow" } ] } @@ -32,20 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "Linux kernel", "version": { "version_data": [ { - "version_value": "0:3.10.0-514.26.1.rt56.442.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-514.26.1.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "Linux kernel" } ] } 
@@ -78,16 +73,6 @@ "refsource": "MISC", "name": "http://www.securitytracker.com/id/1038500" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-7477", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-7477" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207" - }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee", "refsource": "MISC", 
@@ -97,30 +82,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b" - } - ] - }, - "work_around": [ - { - "lang": "en", - "value": "Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.\n\nAs the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\nRaw\n\n # echo \"install macsec /bin/true\" >> /etc/modprobe.d/disable-macsec.conf \n\nIf macsec functionality is in use as a functional part of the system a kernel upgrade is required." - } - ], - "impact": { - "cvss": [ + }, { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207" } ] } diff --git a/2017/7xxx/CVE-2017-7483.json b/2017/7xxx/CVE-2017-7483.json index 96ab52cefde..e29f5cbca9f 100644 --- a/2017/7xxx/CVE-2017-7483.json +++ b/2017/7xxx/CVE-2017-7483.json 
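Review bot: The final hunk of CVE-2017-7477.json removes the `work_around` array, which held the only mitigation text in the record. That text advised preventing the macsec module from loading via an `install macsec /bin/true` entry under /etc/modprobe.d, and said a kernel upgrade is required where macsec is in use. Defenders who read this record for interim guidance now get the description and links only. I would keep the `work_around` entry as it was, placed after `references`. CVE-2017-7488.json drops its `work_around` (`authconfig --enablesysnetauth --update`) and its `credits` entry in the same way.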
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7483", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "rxvt", - "version": { - "version_data": [ - { - "version_value": "2.7.10" - } - ] - } - } - ] - }, - "vendor_name": "The RXVT Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,22 +27,46 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The RXVT Project", + "product": { + "product_data": [ + { + "product_name": "rxvt", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.7.10" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20170501 Integer Overflow in rxvt", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/05/01/15" + "url": "http://www.openwall.com/lists/oss-security/2017/05/01/15", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/05/01/15" }, { - "name": "[oss-security] 20170501 Re: Integer Overflow in rxvt", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/05/01/18" + "url": "http://www.openwall.com/lists/oss-security/2017/05/01/18", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/05/01/18" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210609 [SECURITY] [DLA 2683-1] rxvt security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html" + "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html" } ] } 
diff --git a/2017/7xxx/CVE-2017-7487.json b/2017/7xxx/CVE-2017-7487.json index e4b71a90eab..0b531af4978 100644 --- a/2017/7xxx/CVE-2017-7487.json +++ b/2017/7xxx/CVE-2017-7487.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7487", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Linux kernel through 4.11.1", - "version": { - "version_data": [ - { - "version_value": "Linux kernel through 4.11.1" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Linux kernel through 4.11.1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Linux kernel through 4.11.1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "1039237", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1039237" + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80" }, { - "name": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80" + "url": "http://www.debian.org/security/2017/dsa-3886", + "refsource": "MISC", + "name": "http://www.debian.org/security/2017/dsa-3886" }, { - "name": "https://source.android.com/security/bulletin/2017-09-01", - "refsource": "CONFIRM", - "url": "https://source.android.com/security/bulletin/2017-09-01" + "url": "http://www.securityfocus.com/bid/98439", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98439" }, { - "name": "https://patchwork.ozlabs.org/patch/757549/", - "refsource": "CONFIRM", - "url": "https://patchwork.ozlabs.org/patch/757549/" + "url": "http://www.securitytracker.com/id/1039237", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1039237" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80" + "url": 
"https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80" }, { - "name": "98439", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98439" + "url": "https://patchwork.ozlabs.org/patch/757549/", + "refsource": "MISC", + "name": "https://patchwork.ozlabs.org/patch/757549/" }, { - "name": "DSA-3886", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3886" + "url": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2017-09-01" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734" } ] } diff --git a/2017/7xxx/CVE-2017-7488.json b/2017/7xxx/CVE-2017-7488.json index 867acbb817e..0daa1429692 100644 --- a/2017/7xxx/CVE-2017-7488.json +++ b/2017/7xxx/CVE-2017-7488.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack." + "value": "Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor", - "cweId": "CWE-200" + "value": "Information exposure" } ] } 
@@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "authconfig", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "authconfig", "version": { "version_data": [ { - "version_value": "0:6.2.8-30.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "6.2.8" } ] } @@ -65,49 +64,14 @@ "name": "https://access.redhat.com/errata/RHSA-2017:2285" }, { - "url": "https://access.redhat.com/security/cve/CVE-2017-7488", + "url": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-7488" + "name": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441604", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1441604" - }, - { - "url": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master", - "refsource": "MISC", - "name": "https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master" - } - ] - }, - "work_around": [ - { - "lang": "en", - "value": "Possible workaround (with side-effects):\nauthconfig --enablesysnetauth --update" - } - ], - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Thorsten Scherf (Red Hat) and Tomas Mraz (Red Hat)." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" } ] } diff --git a/2017/7xxx/CVE-2017-7493.json b/2017/7xxx/CVE-2017-7493.json index 38b1dd011c3..3560f60df1f 100644 
--- a/2017/7xxx/CVE-2017-7493.json +++ b/2017/7xxx/CVE-2017-7493.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7493", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "qemu", - "version": { - "version_data": [ - { - "version_value": "2.7.4" - } - ] - } - } - ] - }, - "vendor_name": "QEMU" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QEMU", + "product": { + "product_data": [ + { + "product_name": "qemu", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.7.4" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { - "name": "GLSA-201706-03", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201706-03" + "url": "https://security.gentoo.org/glsa/201706-03", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201706-03" }, { - "name": "98574", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98574" + "url": "http://seclists.org/oss-sec/2017/q2/278", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2017/q2/278" }, { - "name": "[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html" + "url": "http://www.securityfocus.com/bid/98574", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98574" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html" }, { - "name": "[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode", - "refsource": 
"MLIST", - "url": "http://seclists.org/oss-sec/2017/q2/278" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709" } ] } diff --git a/2017/7xxx/CVE-2017-7494.json b/2017/7xxx/CVE-2017-7494.json index 6be81ef818a..6ee0eb692b1 100644 --- a/2017/7xxx/CVE-2017-7494.json +++ b/2017/7xxx/CVE-2017-7494.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7494", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "samba", - "version": { - "version_data": [ - { - "version_value": "since 3.5.0" - } - ] - } - } - ] - }, - "vendor_name": "Samba" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
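Review bot: Every `reference_data` entry on the new side of the CVE-2017-7493 hunk has `"refsource": "MISC"` and a `name` that only repeats the `url`, replacing typed entries such as `MLIST`, `GENTOO`, `BID` and `CONFIRM` and their advisory titles and ids. Consumers that use `refsource` to tell a vendor confirmation or a distribution advisory from an arbitrary link can no longer do so, and an id like `GLSA-201706-03` is recoverable only by parsing the URL. The key reordering does not require this; keeping the original values, e.g. `"refsource": "GENTOO", "name": "GLSA-201706-03"`, would lose nothing. The reference hunks for CVE-2017-7494 (where `EXPLOIT-DB`, `REDHAT` and `SECTRACK` entries are flattened as well), CVE-2017-7496, CVE-2017-7503, CVE-2017-7504 and CVE-2017-7505 have the same issue.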
@@ -50,87 +27,111 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samba", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "since 3.5.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "98636", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98636" - }, - { - "name": "DSA-3860", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3860" - }, - { - "name": "42084", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/42084/" - }, - { - "name": "RHSA-2017:1270", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1270" - }, - { - "name": "https://www.samba.org/samba/security/CVE-2017-7494.html", - "refsource": "CONFIRM", - "url": "https://www.samba.org/samba/security/CVE-2017-7494.html" - }, - { - "name": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01", + "url": "https://security.gentoo.org/glsa/201805-07", "refsource": "MISC", - "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01" + "name": "https://security.gentoo.org/glsa/201805-07" }, { - "name": "RHSA-2017:1390", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1390" + "url": "http://www.debian.org/security/2017/dsa-3860", + "refsource": "MISC", + "name": "http://www.debian.org/security/2017/dsa-3860" }, { - "name": "1038552", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1038552" + "url": "http://www.securityfocus.com/bid/98636", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98636" }, { - "name": "RHSA-2017:1273", - "refsource": 
"REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1273" + "url": "http://www.securitytracker.com/id/1038552", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1038552" }, { - "name": "RHSA-2017:1271", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1271" + "url": "https://access.redhat.com/errata/RHSA-2017:1270", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1270" }, { - "name": "GLSA-201805-07", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201805-07" + "url": "https://access.redhat.com/errata/RHSA-2017:1271", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1271" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us" + "url": "https://access.redhat.com/errata/RHSA-2017:1272", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1272" }, { - "name": "RHSA-2017:1272", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1272" + "url": "https://access.redhat.com/errata/RHSA-2017:1273", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1273" }, { - "name": "https://security.netapp.com/advisory/ntap-20170524-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20170524-0001/" + "url": "https://access.redhat.com/errata/RHSA-2017:1390", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1390" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us" + "url": 
"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01" }, { - "name": "42060", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/42060/" + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20170524-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20170524-0001/" + }, + { + "url": "https://www.exploit-db.com/exploits/42060/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/42060/" + }, + { + "url": "https://www.exploit-db.com/exploits/42084/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/42084/" + }, + { + "url": "https://www.samba.org/samba/security/CVE-2017-7494.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2017-7494.html" } ] } diff --git a/2017/7xxx/CVE-2017-7495.json b/2017/7xxx/CVE-2017-7495.json index eb91d96ee2e..321bbb5672d 100644 --- a/2017/7xxx/CVE-2017-7495.json +++ b/2017/7xxx/CVE-2017-7495.json 
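Review bot: The `version_data` entry added in the CVE-2017-7494 hunk pairs `"version_affected": "="` with `"version_value": "since 3.5.0"`, so a field that claims one exact version holds a range written as prose. A tool that compares installed versions against `version_value` will either fail to parse it or match nothing, and a non-match is easily read as "not affected". If the intent is the lower bound, the operator can carry it: `"version_affected": ">=", "version_value": "3.5.0"`. The same pattern appears in later hunks with `Linux kernel before 4.6.2` (CVE-2017-7495), `up to and including 1.99.16` (CVE-2017-7496), `n/a` (CVE-2017-7497), `since 3.24.0` (CVE-2017-7502) and `1.5 and higher` (CVE-2017-7505).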
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system 'reset' by abusing ext4 mechanics of delayed allocation." + "value": "fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Initialization", - "cweId": "CWE-665" + "value": "filesystem mishandling" } ] } @@ -32,31 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "Linux kernel before 4.6.2", "version": { "version_data": [ { - "version_value": "0:3.10.0-693.rt56.617.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-693.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-693.2.1.rt56.585.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "Linux kernel before 4.6.2" } ] } 
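Review bot: The problem-type entry in the `@@ -21,8 +21,7 @@` hunk loses its weakness id: `"value": "Improper Initialization", "cweId": "CWE-665"` becomes the free-text `"value": "filesystem mishandling"` with no `cweId` at all. Other records in this patch go the other way and add or keep `cweId` (CVE-2017-7496, CVE-2017-7504, CVE-2017-7505), so this record ends up inconsistent with them and can no longer be grouped by weakness class. Unless the CWE-665 mapping was judged wrong, keep `"cweId": "CWE-665"` on the new entry. The enclosing `problemtype` object starts above the hunk.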
@@ -74,31 +58,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/2017-09-01" }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:2669", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:2669" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:1842", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:1842" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:2077", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:2077" - }, { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824", "refsource": "MISC", "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824" }, - { - "url": "http://seclists.org/oss-sec/2017/q2/259", - "refsource": "MISC", - "name": "http://seclists.org/oss-sec/2017/q2/259" - }, { "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2", "refsource": "MISC", 
@@ -115,54 +79,14 @@ "name": "http://www.securityfocus.com/bid/98491" }, { - "url": "https://access.redhat.com/security/cve/CVE-2017-7495", + "url": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-7495" + "name": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261" - }, - { - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824", - "refsource": "MISC", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824" - }, - { - "url": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824", - "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824" - } - ] - }, - "work_around": [ - { - "lang": "en", - "value": "Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don't hard reset the system." - } - ], - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Takeshi Nishimura (NEC) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 6.2, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" } ] } diff --git a/2017/7xxx/CVE-2017-7496.json b/2017/7xxx/CVE-2017-7496.json index efe24c3c5ca..263df1fdbd1 100644 --- a/2017/7xxx/CVE-2017-7496.json 
+++ b/2017/7xxx/CVE-2017-7496.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7496", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "fedora-arm-installer", - "version": { - "version_data": [ - { - "version_value": "up to and including 1.99.16" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-391" + "value": "CWE-391", + "cweId": "CWE-391" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "fedora-arm-installer", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "up to and including 1.99.16" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://pagure.io/arm-image-installer/pull-request/10", - "refsource": "CONFIRM", - "url": "https://pagure.io/arm-image-installer/pull-request/10" + "url": "https://pagure.io/arm-image-installer/pull-request/10", + "refsource": "MISC", + "name": "https://pagure.io/arm-image-installer/pull-request/10" } ] } diff --git a/2017/7xxx/CVE-2017-7497.json b/2017/7xxx/CVE-2017-7497.json index f69bd659113..a7d691a3c56 100644 --- a/2017/7xxx/CVE-2017-7497.json +++ b/2017/7xxx/CVE-2017-7497.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Access Control", + "value": "CWE-284", "cweId": "CWE-284" } ] 
@@ -32,47 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "[UNKNOWN]", "product": { "product_data": [ { - "product_name": "CloudForms Management Engine 5.7", + "product_name": "CFME", "version": { "version_data": [ { - "version_value": "0:5.7.3.2-1.el7cf", - "version_affected": "!" - }, - { - "version_value": "0:1.7.2-1.el7cf", - "version_affected": "!" - }, - { - "version_value": "0:4.1.5-1.el7cf", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "CloudForms Management Engine 5.8", - "version": { - "version_data": [ - { - "version_value": "0:2.3.0.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.1.3-1.el7at", - "version_affected": "!" - }, - { - "version_value": "0:5.8.1.5-1.el7cf", - "version_affected": "!" - }, - { - "version_value": "0:1.7.2-1.el7cf", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -95,16 +64,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2017:1758" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-7497", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-7497" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450150", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1450150" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497", "refsource": "MISC", @@ -112,12 +71,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Gellert Kis (Red Hat)." - } - ], "impact": { "cvss": [ { diff --git a/2017/7xxx/CVE-2017-7502.json b/2017/7xxx/CVE-2017-7502.json index 1b7d471452c..7a944520ad0 100644 --- a/2017/7xxx/CVE-2017-7502.json +++ b/2017/7xxx/CVE-2017-7502.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library." + "value": "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "NULL Pointer Dereference", + "value": "CWE-476", "cweId": "CWE-476" } ] @@ -32,27 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "NSS project", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "nss", "version": { "version_data": [ { - "version_value": "0:3.28.4-3.el6_9", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:3.28.4-1.2.el7_3", - "version_affected": "!" + "version_affected": "=", + "version_value": "since 3.24.0" } ] } 
@@ -105,39 +94,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2017:1712" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-7502", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-7502" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446631", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1446631" - }, { "url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d", "refsource": "MISC", "name": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d" } ] - }, - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7503.json b/2017/7xxx/CVE-2017-7503.json index 492eee2a9e2..dc534a96f9c 100644 --- a/2017/7xxx/CVE-2017-7503.json +++ b/2017/7xxx/CVE-2017-7503.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7503", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "JBoss Enterprise Application Platform", - "version": { - "version_data": [ - { - "version_value": "7.0.5" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "JBoss Enterprise Application Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0.5" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "98546", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98546" + "url": "http://www.securityfocus.com/bid/98546", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98546" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451960" } ] } diff --git a/2017/7xxx/CVE-2017-7504.json b/2017/7xxx/CVE-2017-7504.json index b225fe4bc5f..c1010d5ff31 100644 --- a/2017/7xxx/CVE-2017-7504.json +++ b/2017/7xxx/CVE-2017-7504.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7504", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "JBoss", - "version": { - "version_data": [ - { - "version_value": "4.x" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -44,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-502" + "value": "CWE-502", + "cweId": "CWE-502" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "JBoss", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.x" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441" + "url": "http://www.securityfocus.com/bid/98595", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98595" }, { - "name": "98595", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98595" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1451441" } ] } diff --git a/2017/7xxx/CVE-2017-7505.json b/2017/7xxx/CVE-2017-7505.json index 071b1a7b862..c0bfe19d0bb 100644 --- a/2017/7xxx/CVE-2017-7505.json +++ b/2017/7xxx/CVE-2017-7505.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7505", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "foreman", - "version": { - "version_data": [ - { - "version_value": "1.5 and higher" - } - ] - } - } - ] - }, - "vendor_name": "Foreman" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -44,28 +21,53 @@ "description": [ { "lang": "eng", - "value": "CWE-863" + "value": "CWE-863", + "cweId": "CWE-863" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Foreman", + "product": { + "product_data": [ + { + "product_name": "foreman", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.5 and higher" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "98607", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/98607" + "url": "http://projects.theforeman.org/issues/19612", + "refsource": "MISC", + "name": "http://projects.theforeman.org/issues/19612" }, { - "name": "http://projects.theforeman.org/issues/19612", - "refsource": "CONFIRM", - "url": "http://projects.theforeman.org/issues/19612" + "url": "http://www.securityfocus.com/bid/98607", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/98607" }, { - "name": "https://github.com/theforeman/foreman/pull/4545", - "refsource": "CONFIRM", - "url": "https://github.com/theforeman/foreman/pull/4545" + "url": "https://github.com/theforeman/foreman/pull/4545", + "refsource": "MISC", + "name": "https://github.com/theforeman/foreman/pull/4545" } ] }