"-Synchronized-Data."

CVE Team 2023-02-02 18:01:13 +00:00
parent f7c871989b
commit 35979371be
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
20 changed files with 3495 additions and 1053 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2735",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie."
"value": "CVE-2012-2735 cumin: session fixation flaw"
}
]
},
@ -44,43 +21,264 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "MRG for RHEL-5 v. 2",
"version": {
"version_data": [
{
"version_value": "0:7.6.5-0.22.el5",
"version_affected": "!"
},
{
"version_value": "0:4.1.3-1.el5",
"version_affected": "!"
},
{
"version_value": "0:1.23-1.el5",
"version_affected": "!"
},
{
"version_value": "0:0.1.5444-3.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0-4.el5",
"version_affected": "!"
},
{
"version_value": "0:0.12.5-10.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:7.6.5-0.22.el6",
"version_affected": "!"
},
{
"version_value": "0:4.1.3-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.23-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.1.5444-3.el6",
"version_affected": "!"
},
{
"version_value": "0:0.5.0-10.el6_2",
"version_affected": "!"
},
{
"version_value": "0:0.9-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-2.el6",
"version_affected": "!"
},
{
"version_value": "0:0.12.10-7.el6",
"version_affected": "!"
},
{
"version_value": "0:0.2.7-1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.1.2-2.el6",
"version_affected": "!"
},
{
"version_value": "0:0.8.4-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.4.6-10.el6",
"version_affected": "!"
},
{
"version_value": "0:0.6.0-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.16-4.el6_0",
"version_affected": "!"
},
{
"version_value": "0:0.9.7-4.el6",
"version_affected": "!"
},
{
"version_value": "0:2.0.23-6.el6_0",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.8.beta4.el6",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-2.el6",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-6.el6_0",
"version_affected": "!"
},
{
"version_value": "0:0.6.1-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.8.7-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-2.el6_0",
"version_affected": "!"
},
{
"version_value": "0:1.8.16-1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.1.4-4.el6",
"version_affected": "!"
},
{
"version_value": "1:1.2.6-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.11-3.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.2-3.el6",
"version_affected": "!"
},
{
"version_value": "0:0.7.2-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0-6.el6",
"version_affected": "!"
},
{
"version_value": "0:0.12.5-10.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "55618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "cumin-redhat-session-hijacking(78776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151"
"name": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "50660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50660"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"url": "http://secunia.com/advisories/50660",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50660"
},
{
"url": "http://www.securityfocus.com/bid/55618",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55618"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1278",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1278"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1281",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1281"
},
{
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151",
"refsource": "MISC",
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-2735",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-2735"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832151",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=832151"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
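Review bot: The replacement description `"value": "CVE-2012-2735 cumin: session fixation flaw"` (taking the shorter string as the new side, since this page has lost its +/- markers) drops the fixed-version boundary and the attack vector that the longer text carried ("before 0.1.5444", "via a crafted session cookie"). The new `version_data` lists 37 bare `version_value` strings, each marked `"version_affected": "!"` and none with a package name, so a consumer cannot tell which entry belongs to Cumin; only `0:0.1.5444-3.el5` and `0:0.1.5444-3.el6` appear to match the old boundary. I would keep the full sentence in `description_data` and record the package name alongside each version. The same shortened description and unlabelled version strings appear in the CVE-2012-2744, CVE-2012-3358, CVE-2012-3402, CVE-2012-3440 and CVE-2012-3481 sections.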


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2744",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets."
"value": "CVE-2012-2744 kernel: netfilter: null pointer dereference in nf_ct_frag6_reasm()"
}
]
},
@ -44,58 +21,166 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-279.1.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.0 EUS - Server Only",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-71.40.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.1 EUS - Server Only",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-131.30.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.24.1.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833402",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833402"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1064.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1064.html"
},
{
"name": "54367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54367"
"url": "https://access.redhat.com/errata/RHSA-2012:1064",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1064"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
"url": "https://access.redhat.com/errata/RHSA-2012:1129",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1129"
},
{
"name": "1027235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027235"
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource": "MISC",
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
"url": "http://secunia.com/advisories/49928",
"refsource": "MISC",
"name": "http://secunia.com/advisories/49928"
},
{
"name": "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
},
{
"name": "RHSA-2012:1064",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1064.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1148.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1148.html"
},
{
"name": "49928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49928"
"url": "http://www.securityfocus.com/bid/54367",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/54367"
},
{
"name": "RHSA-2012:1148",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1148.html"
"url": "http://www.securitytracker.com/id?1027235",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027235"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1114",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1114"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1148",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1148"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-2744",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-2744"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833402",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833402"
},
{
"url": "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
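Review bot: The git.kernel.org reference is written with percent-encoded separators, `linux-2.6.git%3Ba=commit%3Bh=9e2dcf72023d1447f09c47d77c99b0c49659e5ce`, while the other copy of the same reference in this section uses literal `;`. gitweb-style query strings use `;` to separate the `p`, `a` and `h` parameters, so the encoded form is likely read as one long `p` value and may not resolve to the fix commit. I would keep the literal form in both `url` and `name`: `"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce"`. The CVE-2012-3510 section has the same encoding on its git.kernel.org entry.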


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3358",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file."
"value": "CVE-2012-3358 openjpeg: heap-based buffer overflow when processing JPEG2000 image files"
}
]
},
@ -44,53 +21,118 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.3-8.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openjpeg-jpeg2000-bo(76850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76850"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1068.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1068.html"
},
{
"name": "54373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54373"
"url": "http://secunia.com/advisories/49913",
"refsource": "MISC",
"name": "http://secunia.com/advisories/49913"
},
{
"name": "http://code.google.com/p/openjpeg/source/detail?r=1727",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/openjpeg/source/detail?r=1727"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:104",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:104"
},
{
"name": "RHSA-2012:1068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1068.html"
"url": "https://access.redhat.com/errata/RHSA-2012:1068",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1068"
},
{
"name": "49913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49913"
"url": "http://code.google.com/p/openjpeg/source/detail?r=1727",
"refsource": "MISC",
"name": "http://code.google.com/p/openjpeg/source/detail?r=1727"
},
{
"name": "MDVSA-2012:104",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:104"
"url": "http://osvdb.org/83741",
"refsource": "MISC",
"name": "http://osvdb.org/83741"
},
{
"name": "[oss-security] 20120711 Openjpeg: heap-buffer overflow when processing JPEG2000 image files",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/1"
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/07/11/1"
},
{
"name": "83741",
"refsource": "OSVDB",
"url": "http://osvdb.org/83741"
"url": "http://www.securityfocus.com/bid/54373",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/54373"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3358",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3358"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=835767",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=835767"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76850",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76850"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
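Review bot: Every entry in the new `reference_data` (taking the `url`-first entries as the new side) carries `"refsource": "MISC"`, so the typed sources in the other copy of the list are no longer distinguishable: `CONFIRM` on the code.google.com r1727 change, plus `REDHAT`, `MLIST`, `BID` and `MANDRIVA`. Tooling that selects the vendor-confirmed fix or the advisory by `refsource` will now see an undifferentiated list. The `name` fields also repeat the URL instead of the advisory identifier (`RHSA-2012:1068`, `MDVSA-2012:104`). I would keep the original `refsource` and short `name` for references that already had them and use `MISC` only for the newly added URLs. The other file sections on this page flatten their references in the same way.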


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3402",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909."
"value": "CVE-2012-3402 gimp (PSD plug-in): Heap-buffer overflow by decoding certain PSD headers"
}
]
},
@ -44,48 +21,108 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "2:2.2.13-2.0.7.el5_8.5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120820 The Gimp PSD plug-in CVE-2012-3402 issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/6"
},
{
"name": "GLSA-201209-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"name": "1027411",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027411"
},
{
"name": "RHSA-2012:1181",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff",
"url": "http://secunia.com/advisories/50737",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff"
"name": "http://secunia.com/advisories/50737"
},
{
"name": "50737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50737"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=838941",
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838941"
"name": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"url": "http://www.securitytracker.com/id?1027411",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027411"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1181"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/20/6"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3402",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3402"
},
{
"url": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838941",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=838941"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
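Review bot: The problem type is recorded only as `"value": "Heap-based Buffer Overflow", "cweId": "CWE-122"`, while the longer description in this section attributes the overflow to an integer overflow on the channels header value in plug-ins/common/psd.c. Recording only the consequence loses the root cause that a code audit or a static-analysis mapping would key on. I would add a second problem-type entry for the integer overflow (CWE-190) next to CWE-122. The CVE-2012-3481 section does the same for the GIF plug-in's ReadImage integer overflow.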


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3440",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file."
"value": "CVE-2012-3440 sudo: insecure temporary file use in RPM %postun script"
}
]
},
@ -44,28 +21,88 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:1.7.2p1-14.el5_8.2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=844442",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
"url": "http://www.securityfocus.com/bid/54868",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/54868"
},
{
"name": "54868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54868"
"url": "https://access.redhat.com/errata/RHSA-2012:1149",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1149"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3440",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3440"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
]
}
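Review bot: `"cweId": "CWE-367"` classifies this as a time-of-check/time-of-use race, but the longer description in this section describes a symlink attack on a fixed-name temporary file, `/var/tmp/nsswitch.conf.bak`, written by the RPM script. Nothing on the page shows a check-then-use sequence, so CWE-59 (link following) or CWE-377 (insecure temporary file) looks like the closer match. The label may come from the upstream bug tracker, so this is worth confirming against bug 844442 before changing it. If it stays, the description should say what is checked and what is used, which the shortened `sudo: insecure temporary file use in RPM %postun script` text does not.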


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3481",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
"value": "CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images"
}
]
},
@ -44,83 +21,159 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "2:2.2.13-2.0.7.el5_8.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:2.6.9-4.el6_3.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1038",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html"
},
{
"name": "USN-1559-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1559-1"
},
{
"name": "RHSA-2012:1180",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "1027411",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027411"
},
{
"name": "RHSA-2012:1181",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=776572",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=776572"
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html"
},
{
"name": "55101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55101"
},
{
"name": "MDVSA-2013:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082"
},
{
"name": "openSUSE-SU-2012:1080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html"
},
{
"name": "openSUSE-SU-2012:1131",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=847303",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=847303"
"name": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "MDVSA-2012:142",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "50296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50296"
"url": "http://secunia.com/advisories/50296",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50296"
},
{
"name": "[oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/8"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082"
},
{
"url": "http://www.securityfocus.com/bid/55101",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55101"
},
{
"url": "http://www.securitytracker.com/id?1027411",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027411"
},
{
"url": "http://www.ubuntu.com/usn/USN-1559-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1559-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1180",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1180"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1181"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/20/8"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3481",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3481"
},
{
"url": "https://bugzilla.novell.com/show_bug.cgi?id=776572",
"refsource": "MISC",
"name": "https://bugzilla.novell.com/show_bug.cgi?id=776572"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=847303",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=847303"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3510",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command."
"value": "CVE-2012-3510 kernel: taskstats: use-after-free in xacct_add_tsk()"
}
]
},
@ -44,58 +21,118 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-308.16.1.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
},
{
"name": "50811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50811"
"url": "http://secunia.com/advisories/50811",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50811"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849722",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849722"
"url": "https://access.redhat.com/errata/RHSA-2012:1323",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1323"
},
{
"name": "RHSA-2012:1323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19",
"refsource": "MISC",
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19"
},
{
"name": "55144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55144"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9"
},
{
"name": "[oss-security] 20120820 Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/12"
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/12",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/20/12"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9"
"url": "http://www.securityfocus.com/bid/55144",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55144"
},
{
"name": "1027602",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027602"
"url": "http://www.securitytracker.com/id?1027602",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027602"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19"
"url": "https://access.redhat.com/security/cve/CVE-2012-3510",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3510"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849722",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849722"
},
{
"url": "https://github.com/torvalds/linux/commit/f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
}
]
}
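Review bot: The `description_data` value in this record now reads as a bug-tracker title (`CVE-2012-3510 kernel: taskstats: use-after-free in xacct_add_tsk()`) and no longer states the affected range or the impact. The sentence it appears to replace named `kernel/tsacct.c`, "before 2.6.19", the local vector and the information-disclosure or crash outcome; the +/- markers are lost on this page, so the sides are inferred from the hunk header and print order. A triage tool that reads only `description_data` can no longer tell which kernels are affected without following the references, so I would keep the full sentence as the `value`. The same substitution appears in the CVE-2013-2113, CVE-2013-2116 (which also loses the note about a possibly incorrect fix for CVE-2013-0169), CVE-2013-2132, CVE-2013-2148 and CVE-2013-2151 sections below.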


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2113",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role."
"value": "CVE-2013-2113 Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment"
}
]
},
@ -44,33 +21,122 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:1.1.10009-3.el6ost",
"version_affected": "!"
},
{
"version_value": "0:1.1.10001-4.el6ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.18-1.el6ost",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-5.el6ost",
"version_affected": "!"
},
{
"version_value": "0:1.10.1-11.el6ost",
"version_affected": "!"
},
{
"version_value": "0:2.8.1-4.el6ost",
"version_affected": "!"
},
{
"version_value": "0:1.2.0-9.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0995",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0995.html"
"url": "http://projects.theforeman.org/issues/2630",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/2630"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=968166",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=968166"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0995.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0995.html"
},
{
"name": "http://projects.theforeman.org/issues/2630",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/2630"
"url": "https://access.redhat.com/errata/RHSA-2013:0995",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0995"
},
{
"name": "https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU"
"url": "https://access.redhat.com/security/cve/CVE-2013-2113",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2113"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=966804",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=966804"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=968166",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=968166"
},
{
"url": "https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}
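Review bot: The seven `version_data` entries under `OpenStack 3 for RHEL 6` carry only an RPM epoch-version-release string (for example `0:1.1.10009-3.el6ost`) with `"version_affected": "!"` and no package name, so a consumer cannot tell which package each build belongs to. In the CVE JSON 4.0 format `!` marks a version as not affected, which means the record lists only unaffected builds and never states an affected range. Each entry should identify its package, and the record should also state what is affected, for example a `"version_affected": "<"` entry against the fixed build. The same shape is used in the CVE-2012-3510, CVE-2013-2116, CVE-2013-2132, CVE-2013-2148 and CVE-2013-2151 sections.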


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2116",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169."
"value": "CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)"
}
]
},
@ -44,88 +21,180 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:1.4.1-10.el5_9.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.8.5-10.el6_4.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.4-20130709.0.el6_4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "57260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57260"
},
{
"name": "SUSE-SU-2013:1060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html"
},
{
"name": "57274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57274"
},
{
"name": "SUSE-SU-2014:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "SUSE-SU-2014:0322",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html"
},
{
"name": "MDVSA-2013:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171"
},
{
"name": "RHSA-2013:0883",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0883.html"
},
{
"name": "DSA-2697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2697"
},
{
"name": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754",
"refsource": "CONFIRM",
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754"
},
{
"name": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2",
"refsource": "CONFIRM",
"url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2"
},
{
"name": "53911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53911"
},
{
"name": "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d",
"refsource": "CONFIRM",
"url": "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d"
},
{
"name": "USN-1843-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1843-1"
},
{
"name": "1028603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028603"
},
{
"name": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
"refsource": "MISC",
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753"
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"url": "http://secunia.com/advisories/57260",
"refsource": "MISC",
"name": "http://secunia.com/advisories/57260"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0883.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0883.html"
},
{
"url": "http://secunia.com/advisories/53911",
"refsource": "MISC",
"name": "http://secunia.com/advisories/53911"
},
{
"url": "http://secunia.com/advisories/57274",
"refsource": "MISC",
"name": "http://secunia.com/advisories/57274"
},
{
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753",
"refsource": "MISC",
"name": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753"
},
{
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754",
"refsource": "MISC",
"name": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754"
},
{
"url": "http://www.debian.org/security/2013/dsa-2697",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2697"
},
{
"url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2",
"refsource": "MISC",
"name": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171"
},
{
"url": "http://www.securitytracker.com/id/1028603",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1028603"
},
{
"url": "http://www.ubuntu.com/usn/USN-1843-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1843-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0883",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0883"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1076",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1076"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2116",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2116"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=966754",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=966754"
},
{
"url": "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d",
"refsource": "MISC",
"name": "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
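Review bot: Every entry in `reference_data` now has `"refsource": "MISC"` and repeats the URL as its `name`, so the advisory identifiers and source tags the earlier entries appear to have carried (`DSA-2697`/`DEBIAN`, `USN-1843-1`/`UBUNTU`, `RHSA-2013:0883`/`REDHAT`, and `CONFIRM` on the gnutls.org advisory and the fix commit) are gone. Tooling that filters on `refsource` to find vendor advisories or vendor-confirmed fixes will see nothing but `MISC` here. I would keep the typed form where it is known, for example `"refsource": "DEBIAN"` with `"name": "DSA-2697"` for the debian.org URL. The other records on this page show the same flattening. In the CVE-2012-3510 and CVE-2013-2113 sections the rewritten URLs also percent-encode `;` and `!` (`%3Ba=commit`, `#%21topic`), which may stop the gitweb and Google Groups links from resolving and is worth checking.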


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2132",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\""
"value": "CVE-2013-2132 pymongo: null pointer when decoding invalid DBRef"
}
]
},
@ -44,58 +21,127 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:1.6.4-6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.9-11.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"
},
{
"name": "USN-1897-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1897-1"
},
{
"name": "93804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/93804"
},
{
"name": "https://jira.mongodb.org/browse/PYTHON-532",
"url": "https://access.redhat.com/errata/RHSA-2013:1170",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/PYTHON-532"
"name": "https://access.redhat.com/errata/RHSA-2013:1170"
},
{
"name": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597",
"refsource": "MISC",
"url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"
},
{
"name": "[oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/447"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"
},
{
"name": "DSA-2705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2705"
"url": "http://seclists.org/oss-sec/2013/q2/447",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q2/447"
},
{
"name": "60252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60252"
"url": "http://ubuntu.com/usn/usn-1897-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1897-1"
},
{
"url": "http://www.debian.org/security/2013/dsa-2705",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2705"
},
{
"url": "http://www.osvdb.org/93804",
"refsource": "MISC",
"name": "http://www.osvdb.org/93804"
},
{
"url": "http://www.securityfocus.com/bid/60252",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60252"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2132",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2132"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=969560",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=969560"
},
{
"url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2",
"refsource": "MISC",
"name": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"
},
{
"url": "https://jira.mongodb.org/browse/PYTHON-532",
"refsource": "MISC",
"name": "https://jira.mongodb.org/browse/PYTHON-532"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
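Review bot: The `impact.cvss` block sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`. Under CVSS v2 an undefined metric leaves the score unchanged, so both values would equal the base score (5 here) if they were actually computed; a literal 0 reads as a real, lowest-possible score to any consumer that sorts or filters on it. I would omit both keys when the metrics are not defined, or set them to the base score. The same zero scores appear in every `impact` block on this page.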


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2148",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor."
"value": "CVE-2013-2148 Kernel: fanotify: info leak in copy_event_to_user"
}
]
},
@ -44,53 +21,113 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.6.11.5-rt37.55.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-1929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1929-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"name": "[linux-kernel] 20130603 [patch] fanotify: info leak in copy_event_to_user()",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2013/6/3/128"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"name": "SUSE-SU-2013:1473",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1264",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1264"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=971258",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971258"
"url": "http://lkml.org/lkml/2013/6/3/128",
"refsource": "MISC",
"name": "http://lkml.org/lkml/2013/6/3/128"
},
{
"name": "USN-1930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1930-1"
"url": "http://www.openwall.com/lists/oss-security/2013/06/05/26",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/05/26"
},
{
"name": "SUSE-SU-2013:1474",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
"url": "http://www.ubuntu.com/usn/USN-1929-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1929-1"
},
{
"name": "[oss-security] 20130605 Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/05/26"
"url": "http://www.ubuntu.com/usn/USN-1930-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1930-1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2148",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2148"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971258",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=971258"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2151",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder."
"value": "CVE-2013-2151 rhevm: rhev agent service unquoted search path"
}
]
},
@ -44,28 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Unquoted Search Path or Element",
"cweId": "CWE-428"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.2",
"version": {
"version_data": [
{
"version_value": "0:3.2-8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "60473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60473"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0925.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0925.html"
},
{
"name": "RHSA-2013:0925",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0925.html"
"url": "http://www.securityfocus.com/bid/60473",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60473"
},
{
"name": "enterprise-cve20132151-priv-esc(84868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84868"
"url": "https://access.redhat.com/errata/RHSA-2013:0925",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0925"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2151",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2151"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971171",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=971171"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84868",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84868"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}


@ -1,22 +1,47 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2167",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-2166 CVE-2013-2167 python-keystoneclient: middleware memcache encryption and signing bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"cweId": "CWE-349"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "python-keystoneclient",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "python-keystoneclient",
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "< 0.2.6"
"version_value": "1:0.2.3-5.el6ost",
"version_affected": "!"
}
]
}
@ -27,40 +52,42 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memcache signing bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2167",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2167"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/19/5"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0992",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0992"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=974271",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=974271"
},
{
"url": "http://www.securityfocus.com/bid/60680",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60680"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2167",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2167"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2167",
@ -68,34 +95,49 @@
"name": "https://access.redhat.com/security/cve/cve-2013-2167"
},
{
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167"
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2167",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/19/5",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/5"
},
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2167"
}
]
},
"impact": {
"cvss": [
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60680",
"url": "http://www.securityfocus.com/bid/60680"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492"
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2206",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic."
"value": "CVE-2013-2206 kernel: sctp: duplicate cookie handling NULL pointer dereference"
}
]
},
@ -44,83 +21,175 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.118.1.openstack.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-348.16.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.18.1.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
"url": "http://www.debian.org/security/2013/dsa-2766",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2766"
},
{
"name": "SUSE-SU-2013:1749",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
},
{
"name": "SUSE-SU-2013:1744",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"
},
{
"name": "SUSE-SU-2013:1750",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1166",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1166"
},
{
"name": "RHSA-2013:1173",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1173",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1173"
},
{
"name": "DSA-2766",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2766"
"url": "https://access.redhat.com/errata/RHSA-2013:1195",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1195"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"url": "http://www.ubuntu.com/usn/USN-1939-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1939-1"
},
{
"name": "SUSE-SU-2013:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2815633504b442ca0b0605c16bf3d88a3a0fcea"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=976562",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=976562"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html"
},
{
"name": "USN-1939-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1939-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html"
},
{
"name": "[oss-security] 20130620 Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/21/1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2815633504b442ca0b0605c16bf3d88a3a0fcea"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/06/21/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/21/1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2206",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2206"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=976562",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=976562"
},
{
"url": "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
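Review bot: The `description` value in this record appears to be replaced by the tracker title `CVE-2013-2206 kernel: sctp: duplicate cookie handling NULL pointer dereference`, which drops the affected function (`sctp_sf_do_5_2_4_dupcook`), the upstream fix boundary (before 3.8.5) and the impact statement that the longer text carried. The +/- markers are lost on this page, so which line is old and which is new is inferred from the same pattern in the neighbouring records. Triage and scanner tooling that reads the description loses the only statement of the upstream affected range, because `affects` now lists only Red Hat builds. I would keep the long sentence as the `value` and not substitute the title for it. The same replacement shows up in the CVE-2013-2231, CVE-2013-2256, CVE-2013-3301 and CVE-2013-4111 records.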


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2231",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder."
"value": "CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path"
}
]
},
@ -44,28 +21,104 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Unquoted Search Path or Element",
"cweId": "CWE-428"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.355.el6_4.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Supplementary for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.6.5-6.el6_4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1101",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1101.html"
},
{
"name": "RHSA-2013:1100",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1100.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=980757",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1100.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=980757"
"name": "http://rhn.redhat.com/errata/RHSA-2013-1100.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1101.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1101.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1100",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1100"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1101",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1101"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2231",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2231"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=980757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=980757"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
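Review bot: Every `version_data` entry added under `affects` carries `"version_affected": "!"`, which, as I read the CVE JSON 4.0 format, marks the listed build as not affected, so the record no longer states any affected version. A consumer matching installed packages against `affects` would find nothing to match for `2:0.12.1.2-2.355.el6_4.6` or `0:1.6.5-6.el6_4`. If those are the fixed builds, an entry with `"version_affected": "<"` and the same `version_value` would express the affected range explicitly. The other Red Hat records in this commit follow the same pattern.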


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2256",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id."
"value": "CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention"
}
]
},
@ -44,28 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2013.1.3-3.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1199",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1199.html"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1194093",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1194093"
"url": "https://access.redhat.com/errata/RHSA-2013:1199",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1199"
},
{
"name": "[oss-security] 20130806 [OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/281"
"url": "http://seclists.org/oss-sec/2013/q3/281",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/281"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2256",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2256"
},
{
"url": "https://bugs.launchpad.net/nova/+bug/1194093",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/1194093"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=993340",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=993340"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
}
]
}
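Review bot: The references in this record appear to be rewritten so that every entry has `"refsource": "MISC"` and a `name` equal to its `url`, which discards the source typing the earlier entries had (`REDHAT`, `CONFIRM`, `MLIST`). Tooling that uses `refsource` to tell a vendor advisory or a confirmed upstream bug from an arbitrary link can no longer do so, and the advisory title `[OSSA 2013-019] Resource limit circumvention in Nova private flavors` is gone from the mailing-list entry. I would keep `"refsource": "CONFIRM"` on the `https://bugs.launchpad.net/nova/+bug/1194093` entry and `"name": "RHSA-2013:1199"` with `"refsource": "REDHAT"` on the errata entry. The other records in this commit show the same flattening.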


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-3301",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call."
"value": "CVE-2013-3301 Kernel: tracing: NULL pointer dereference"
}
]
},
@ -44,73 +21,165 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.114.1.openstack.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.14.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.6.11.5-rt37.55.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"name": "USN-1834-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1834-1"
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
"url": "https://access.redhat.com/errata/RHSA-2013:1264",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1264"
},
{
"name": "RHSA-2013:1051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
},
{
"name": "SUSE-SU-2013:1473",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1051",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1051"
},
{
"name": "[oss-security] 20130415 CVE request - Linux kernel: tracing NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
"url": "https://access.redhat.com/errata/RHSA-2013:1080",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1080"
},
{
"name": "USN-1835-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1835-1"
"url": "http://www.ubuntu.com/usn/USN-1834-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1834-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a76f8c0ab19f215af2a3442870eeb5f0e81998d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
"url": "http://www.ubuntu.com/usn/USN-1835-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1835-1"
},
{
"name": "USN-1838-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1838-1"
"url": "http://www.ubuntu.com/usn/USN-1836-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1836-1"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"url": "http://www.ubuntu.com/usn/USN-1838-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1838-1"
},
{
"name": "USN-1836-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1836-1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952197",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/04/15/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-3301",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-3301"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
},
{
"url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
}
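Review bot: The gitweb reference is now written with `%3B` in place of `;` (`...linux-2.6.git%3Ba=commit%3Bh=6a76f8c0...`), and gitweb uses `;` as its parameter separator, so the encoded form most likely no longer resolves to the fix commit. The other spelling on this page, `http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a76f8c0ab19f215af2a3442870eeb5f0e81998d`, should be kept in both `url` and `name`. The CVE-2013-2206 record has the same encoded URL for commit f2815633504b442ca0b0605c16bf3d88a3a0fcea. The github.com reference to the same commit is unaffected, so the patch stays reachable from the record.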


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4111",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
"value": "CVE-2013-4111 OpenStack: python-glanceclient failing SSL certificate check"
}
]
},
@ -44,48 +21,113 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "1:0.9.0-2.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "54525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54525"
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00019.html"
},
{
"name": "54313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54313"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1200.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1200.html"
},
{
"name": "USN-2004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2004-1"
"url": "http://secunia.com/advisories/54313",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54313"
},
{
"name": "RHSA-2013:1200",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1200.html"
"url": "http://secunia.com/advisories/54525",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54525"
},
{
"name": "https://bugs.launchpad.net/ossa/+bug/1192229",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ossa/+bug/1192229"
"url": "http://www.ubuntu.com/usn/USN-2004-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2004-1"
},
{
"name": "openSUSE-SU-2013:1330",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00019.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1200",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1200"
},
{
"name": "https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst"
"url": "https://access.redhat.com/security/cve/CVE-2013-4111",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4111"
},
{
"url": "https://bugs.launchpad.net/ossa/+bug/1192229",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ossa/+bug/1192229"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=989738",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=989738"
},
{
"url": "https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst",
"refsource": "MISC",
"name": "https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
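Review bot: The added `impact.cvss` object sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`; under CVSS v2, undefined metrics leave those scores equal to the base score, so 0 reads as a real value that contradicts `"baseScore": 5`. A consumer that prefers the temporal or environmental score when one is present would rank this certificate-validation flaw at severity 0. I would omit the two score keys, presumably placeholders, and leave `baseScore` and `vectorString` as the scoring data. The `impact` blocks added to the other records in this commit carry the same zeros.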


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}