"-Synchronized-Data."

CVE Team 2023-02-02 21:01:03 +00:00
parent 32d441371f
commit 3a363d3f8c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
46 changed files with 4820 additions and 2465 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5305",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd."
"value": "Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal."
}
]
},
@ -44,23 +21,78 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 3.0",
"version": {
"version_data": [
{
"version_value": "0:3.0.2.0-0.git.20.656dc3e.el7ose",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969"
"url": "https://access.redhat.com/errata/RHSA-2015:1945",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1945"
},
{
"name": "RHSA-2015:1945",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:1945"
"url": "https://access.redhat.com/security/cve/CVE-2015-5305",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5305"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}
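Review bot: Every entry in `reference_data` on what appears to be the new side is typed `"refsource": "MISC"` with the URL repeated as `name`, where the earlier entries marked the Bugzilla link as `CONFIRM` and the advisory as `REDHAT` with the name `RHSA-2015:1945`. A consumer that filters or ranks references by `refsource` to find the vendor advisory can no longer do so from this record. I would keep the typed form for the errata link, e.g. `"name": "RHSA-2015:1945", "refsource": "REDHAT"`. The same flattening shows in the reference lists of the CVE-2015-5313, CVE-2015-5329, CVE-2015-7497 and CVE-2015-7498 records below. The +/- markers are lost on this page, so the old and new sides are inferred from print order and the added `cweId` line.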


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5313",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name."
"value": "A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges."
}
]
},
@ -44,48 +21,135 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.1 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-10.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://security.libvirt.org/2015/0004.html",
"refsource": "CONFIRM",
"url": "http://security.libvirt.org/2015/0004.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
},
{
"name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7",
"refsource": "CONFIRM",
"url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7"
"url": "https://access.redhat.com/errata/RHSA-2016:2577",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2577"
},
{
"name": "90913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90913"
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=034e47c338b13a95cf02106a3af912c1c5f818d7",
"refsource": "MISC",
"name": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=034e47c338b13a95cf02106a3af912c1c5f818d7"
},
{
"name": "[libvirt] 20151211 [PATCH] CVE-2015-5313: storage: don't allow '/' in filesystem volume names",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html"
},
{
"name": "FEDORA-2015-30b347dff1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html"
"url": "http://security.libvirt.org/2015/0004.html",
"refsource": "MISC",
"name": "http://security.libvirt.org/2015/0004.html"
},
{
"name": "GLSA-201612-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-10"
"url": "http://www.securityfocus.com/bid/90913",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90913"
},
{
"name": "RHSA-2016:2577",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
"url": "https://access.redhat.com/security/cve/CVE-2015-5313",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5313"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277121",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1277121"
},
{
"url": "https://security.gentoo.org/glsa/201612-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201612-10"
},
{
"url": "https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:C/A:N",
"version": "2.0"
}
]
}
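Review bot: The libvirt commit reference in `reference_data` now has its semicolons percent-encoded (`?p=libvirt.git%3Ba=commit%3Bh=034e47c3…`) in both `url` and `name`. In the earlier form the `;` characters separate the `p`, `a` and `h` query parameters, so the encoded string is a different URL and most likely no longer resolves to the fix commit. I would restore the literal form, `"url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7"`, so the patch link stays usable for anyone verifying the fix.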


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5329",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials."
"value": "A flaw was found in the director (openstack-tripleo-heat-templates) where the RabbitMQ credentials defaulted to guest/guest and supplied values in the configuration were not used. As a result, all deployed overclouds used the same credentials (guest/guest). A remote non-authenticated attacker could use this flaw to access RabbitMQ services in the deployed cloud."
}
]
},
@ -44,18 +21,82 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.8.6-94.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.10-22.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2650",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2650"
"url": "https://access.redhat.com/errata/RHSA-2015:2650",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2650"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5329",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5329"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281777",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281777"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
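Review bot: The `version_data` array under "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7" lists two builds, `0:0.8.6-94.el7ost` and `0:0.0.10-22.el7ost`, with nothing saying which package each belongs to. Both carry `"version_affected": "!"`, which as I read the CVE JSON 4.0 format marks them as unaffected (fixed) builds, so someone checking a host against this record cannot match either value to an installed package. I would split them into one `product_data` entry per package and name it there, e.g. `"product_name": "<package name> (OpenStack Platform director 7.0 for RHEL 7)"`, with the real package names taken from RHSA-2015:2650. Separately, the description says "remote non-authenticated attacker" while the vector is `AV:A`; one of the two probably needs aligning.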


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7497",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
"value": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
}
]
},
@ -44,93 +21,180 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.6-20.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.1-6.el7_2.2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2550",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
"url": "http://xmlsoft.org/news.html",
"refsource": "MISC",
"name": "http://xmlsoft.org/news.html"
},
{
"name": "openSUSE-SU-2016:0106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
},
{
"name": "DSA-3430",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3430"
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
},
{
"name": "http://xmlsoft.org/news.html",
"refsource": "CONFIRM",
"url": "http://xmlsoft.org/news.html"
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
},
{
"name": "79508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79508"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
},
{
"name": "RHSA-2016:1089",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://www.debian.org/security/2015/dsa-3430",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3430"
},
{
"name": "USN-2834-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2834-1"
"url": "http://www.securitytracker.com/id/1034243",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034243"
},
{
"name": "1034243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034243"
"url": "http://www.ubuntu.com/usn/USN-2834-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2834-1"
},
{
"name": "RHSA-2015:2549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2549",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2549"
},
{
"name": "HPSBGN03537",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
"url": "https://access.redhat.com/errata/RHSA-2015:2550",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2550"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
"url": "https://access.redhat.com/errata/RHSA-2016:1089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1089"
},
{
"name": "GLSA-201701-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-37"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
},
{
"name": "openSUSE-SU-2015:2372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
"url": "https://security.gentoo.org/glsa/201701-37",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-37"
},
{
"url": "http://www.securityfocus.com/bid/79508",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/79508"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7497",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7497"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
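Review bot: The replacement `description_data` value is the generic sentence "A denial of service flaw was found in libxml2 …", which is word for word the same as the one in the CVE-2015-7498 record below. The earlier text named the affected function (`xmlDictComputeFastQKey` in dict.c) and the fixed upstream release ("before 2.9.3"), and those are what let a reader tell the two CVEs apart and match them to a patch. I would keep that detail, for example by appending the earlier sentence to the new value rather than replacing it. The same applies to CVE-2015-7498, whose earlier text named `xmlParseXmlDecl` in parser.c.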


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7498",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure."
"value": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
}
]
},
@ -44,93 +21,180 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.6-20.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.1-6.el7_2.2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2550",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
"url": "http://xmlsoft.org/news.html",
"refsource": "MISC",
"name": "http://xmlsoft.org/news.html"
},
{
"name": "openSUSE-SU-2016:0106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
},
{
"name": "DSA-3430",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3430"
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
},
{
"name": "http://xmlsoft.org/news.html",
"refsource": "CONFIRM",
"url": "http://xmlsoft.org/news.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
},
{
"name": "RHSA-2016:1089",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
},
{
"name": "USN-2834-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2834-1"
"url": "http://www.debian.org/security/2015/dsa-3430",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3430"
},
{
"name": "79548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79548"
"url": "http://www.securitytracker.com/id/1034243",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034243"
},
{
"name": "1034243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034243"
"url": "http://www.ubuntu.com/usn/USN-2834-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2834-1"
},
{
"name": "RHSA-2015:2549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2549",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2549"
},
{
"name": "HPSBGN03537",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
"url": "https://access.redhat.com/errata/RHSA-2015:2550",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2550"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
"url": "https://access.redhat.com/errata/RHSA-2016:1089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1089"
},
{
"name": "GLSA-201701-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-37"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
},
{
"name": "openSUSE-SU-2015:2372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
"url": "https://security.gentoo.org/glsa/201701-37",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-37"
},
{
"url": "http://www.securityfocus.com/bid/79548",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/79548"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7498",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7498"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
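Review bot: The added `credits` entry uses `"lang": "en"` while `description_data` and the problem-type description in the same record use `"lang": "eng"`. A consumer that selects text by language code will match one form and miss the other. I would use a single code throughout the record, e.g. `"lang": "eng"` in `credits` to agree with the existing fields. The CVE-2015-7497 record above has the same mismatch in its `credits` block.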


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7499",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
"value": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
}
]
},
@ -44,138 +21,225 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.6-20.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.1-6.el7_2.2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2550",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
"url": "http://xmlsoft.org/news.html",
"refsource": "MISC",
"name": "http://xmlsoft.org/news.html"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "openSUSE-SU-2016:0106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "https://support.apple.com/HT206168",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206168"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "DSA-3430",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3430"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "APPLE-SA-2016-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
},
{
"name": "http://xmlsoft.org/news.html",
"refsource": "CONFIRM",
"url": "http://xmlsoft.org/news.html"
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
},
{
"name": "RHSA-2016:1089",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
"url": "http://www.debian.org/security/2015/dsa-3430",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3430"
},
{
"name": "USN-2834-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2834-1"
"url": "http://www.securitytracker.com/id/1034243",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034243"
},
{
"name": "1034243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034243"
"url": "http://www.ubuntu.com/usn/USN-2834-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2834-1"
},
{
"name": "RHSA-2015:2549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2549",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2549"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
"url": "https://access.redhat.com/errata/RHSA-2015:2550",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2550"
},
{
"name": "HPSBGN03537",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
"url": "https://access.redhat.com/errata/RHSA-2016:1089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1089"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
},
{
"name": "GLSA-201701-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-37"
"url": "https://security.gentoo.org/glsa/201701-37",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-37"
},
{
"name": "openSUSE-SU-2015:2372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
"url": "https://support.apple.com/HT206166",
"refsource": "MISC",
"name": "https://support.apple.com/HT206166"
},
{
"name": "APPLE-SA-2016-03-21-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
"url": "https://support.apple.com/HT206167",
"refsource": "MISC",
"name": "https://support.apple.com/HT206167"
},
{
"name": "79509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79509"
"url": "https://support.apple.com/HT206168",
"refsource": "MISC",
"name": "https://support.apple.com/HT206168"
},
{
"name": "https://support.apple.com/HT206169",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206169"
"url": "https://support.apple.com/HT206169",
"refsource": "MISC",
"name": "https://support.apple.com/HT206169"
},
{
"name": "https://support.apple.com/HT206166",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206166"
"url": "http://www.securityfocus.com/bid/79509",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/79509"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7499",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7499"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
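Review bot: The added description and the added CVSS block describe different impacts. The text opens with "A denial of service flaw" and then says the application would "leak potentially sensitive information", while `"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P"` sets `confidentialityImpact` to `NONE` and scores availability only. The description it replaces spoke of obtaining sensitive process memory, so the information-leak reading looks like the intended one; if so, the vector should carry `C:P` with the base score recomputed, and the words "denial of service" should be dropped. As written, anything that triages on the CVSS fields will treat this record as availability-only.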


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7500",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
"value": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
}
]
},
@ -44,138 +21,225 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.6-20.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.1-6.el7_2.2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2550",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
"url": "http://xmlsoft.org/news.html",
"refsource": "MISC",
"name": "http://xmlsoft.org/news.html"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "openSUSE-SU-2016:0106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"name": "https://support.apple.com/HT206168",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206168"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "DSA-3430",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3430"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "APPLE-SA-2016-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "http://xmlsoft.org/news.html",
"refsource": "CONFIRM",
"url": "http://xmlsoft.org/news.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
},
{
"name": "RHSA-2016:1089",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
},
{
"name": "USN-2834-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2834-1"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
"url": "http://www.debian.org/security/2015/dsa-3430",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3430"
},
{
"name": "1034243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034243"
"url": "http://www.securitytracker.com/id/1034243",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034243"
},
{
"name": "RHSA-2015:2549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
"url": "http://www.ubuntu.com/usn/USN-2834-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2834-1"
},
{
"name": "HPSBGN03537",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"
"url": "https://access.redhat.com/errata/RHSA-2015:2549",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2549"
},
{
"name": "79562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79562"
"url": "https://access.redhat.com/errata/RHSA-2015:2550",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2550"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
"url": "https://access.redhat.com/errata/RHSA-2016:1089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1089"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
},
{
"name": "GLSA-201701-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-37"
"url": "https://security.gentoo.org/glsa/201701-37",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-37"
},
{
"name": "openSUSE-SU-2015:2372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
"url": "https://support.apple.com/HT206166",
"refsource": "MISC",
"name": "https://support.apple.com/HT206166"
},
{
"name": "APPLE-SA-2016-03-21-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
"url": "https://support.apple.com/HT206167",
"refsource": "MISC",
"name": "https://support.apple.com/HT206167"
},
{
"name": "https://support.apple.com/HT206169",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206169"
"url": "https://support.apple.com/HT206168",
"refsource": "MISC",
"name": "https://support.apple.com/HT206168"
},
{
"name": "https://support.apple.com/HT206166",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206166"
"url": "https://support.apple.com/HT206169",
"refsource": "MISC",
"name": "https://support.apple.com/HT206169"
},
{
"url": "http://www.securityfocus.com/bid/79562",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/79562"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7500",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7500"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
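Review bot: `"cweId": "CWE-122"` (Heap-based Buffer Overflow) does not match the flaw this record describes. The description being replaced calls it an out-of-bounds heap read in xmlParseMisc, and both the new text and the `A:P`-only vector describe a crash. An out-of-bounds read is normally classified as CWE-125, so I would expect `"value": "Out-of-bounds Read"` with `"cweId": "CWE-125"` unless the vendor analysis found a write, which nothing in the record shows. The problemtype looks carried over from the CVE-2015-7499 record, which has the same CWE, credits and CVSS block.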


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7502",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files."
"value": "A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain access to sensitive information."
}
]
},
@ -44,28 +21,171 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.4",
"version": {
"version_data": [
{
"version_value": "0:5.4.4.2-1.el6cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "CloudForms Management Engine 5.5",
"version": {
"version_data": [
{
"version_value": "0:5.5.0.13-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:5.5.0.13-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:9.0r2-10.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.10-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-6.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.9.8-4.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.8.2-9.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.6.2-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.18.2-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-4.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.7-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.3-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.1-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.3.14-6.el7cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2551",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2551"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2620.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2620.html"
},
{
"name": "RHSA-2015:2620",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2620.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2551",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2551"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283019",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283019"
"url": "https://access.redhat.com/errata/RHSA-2015:2620",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2620"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7502",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7502"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283019",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283019"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
]
}
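Review bot: The `version_data` added under "CloudForms Management Engine 5.5" lists nineteen bare `epoch:version-release` strings with no package name, all flagged `"version_affected": "!"`. Values such as `0:9.0r2-10.el7cf` and `0:0.0.7-1.el7cf` are presumably builds of different packages shipped in the erratum, but a consumer matching on `product_name` plus `version_value` cannot tell which component each one belongs to. Because `!` marks a version as not affected and the new description no longer names CFME 5.4.4 or 5.5.0, the record now states only which builds are fixed, never which are vulnerable. I would keep the product-level affected versions from the old description in `affects`; the Satellite 6.1 list in the CVE-2015-7518 record has the same shape.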


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7504",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode."
"value": "A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside a guest could use this flaw to crash the host QEMU process (resulting in denial of service) or, potentially, execute arbitrary code with privileges of the host QEMU process."
}
]
},
@ -44,78 +21,175 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2694",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
"url": "https://security.gentoo.org/glsa/201604-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "1034268",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034268"
"url": "https://security.gentoo.org/glsa/201602-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "78227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78227"
"url": "http://www.debian.org/security/2016/dsa-3469",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "[oss-security] 20151130 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/2"
"url": "http://www.debian.org/security/2016/dsa-3470",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[Qemu-devel] 20151130 [PATCH for 2.5 1/2] net: pcnet: add check to validate receive data size(CVE-2015-7504)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html"
"url": "http://www.debian.org/security/2016/dsa-3471",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-162.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-162.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
},
{
"name": "DSA-3469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3469"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
},
{
"name": "DSA-3470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3470"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
"url": "https://access.redhat.com/errata/RHSA-2015:2694",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2694"
},
{
"name": "DSA-3471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3471"
"url": "https://access.redhat.com/errata/RHSA-2015:2695",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2695"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
"url": "https://access.redhat.com/errata/RHSA-2015:2696",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2696"
},
{
"name": "RHSA-2015:2696",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/11/30/2"
},
{
"name": "RHSA-2015:2695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
"url": "http://www.securityfocus.com/bid/78227",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/78227"
},
{
"url": "http://www.securitytracker.com/id/1034268",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034268"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-162.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-162.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7504",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7504"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261461",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1261461"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
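Review bot: Every reference in the new `reference_data` is written as `"refsource": "MISC"` with `name` set to the URL, which drops the source typing the old entries carried (`REDHAT`, `DEBIAN`, `GENTOO`, `MLIST`, `CONFIRM`, `SECTRACK`, `BID`). For this record that also loses the title of the qemu-devel patch mail ("net: pcnet: add check to validate receive data size") and the `CONFIRM` status of the XSA-162 link, so a consumer can no longer pick out the vendor confirmation or the fix from the list by field. Where the URL is unchanged I would keep the existing pair, for example `"refsource": "MLIST"` with the original `name`. The same flattening appears in the CVE-2015-7499, CVE-2015-7500, CVE-2015-7502 and CVE-2015-7518 records in this commit.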


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7518",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms."
"value": "A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data."
}
]
},
@ -44,33 +21,125 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.1",
"version": {
"version_data": [
{
"version_value": "0:0.9.49.11-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.7.2.53-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.25-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.6.0.20-1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.6.0.20-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:3.0.24-11.pulp.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.24.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.2.0.83-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.21-1.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0174",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0174"
"url": "http://projects.theforeman.org/issues/12611",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/12611"
},
{
"name": "[oss-security] 20151209 CVE-2015-7518: Foreman stored XSS in parameter information popup",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/09/6"
"url": "http://theforeman.org/security.html#2015-7518",
"refsource": "MISC",
"name": "http://theforeman.org/security.html#2015-7518"
},
{
"name": "http://projects.theforeman.org/issues/12611",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/12611"
"url": "http://www.openwall.com/lists/oss-security/2015/12/09/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/12/09/6"
},
{
"name": "http://theforeman.org/security.html#2015-7518",
"refsource": "CONFIRM",
"url": "http://theforeman.org/security.html#2015-7518"
"url": "https://access.redhat.com/errata/RHSA-2016:0174",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0174"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7518",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7518"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285728",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1285728"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}
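Review bot: The nine `version_value` entries added under "Red Hat Satellite 6.1" carry no package or component name, and all are flagged `"version_affected": "!"` (which, as far as I know, marks a build as not affected in the 4.0 format), so a consumer cannot tell which build string belongs to which package or match it against an installed system. The description that appears to replace the old one also drops the upstream bound "Foreman before 1.10.0", leaving no affected range for anyone running Foreman outside Satellite. I would keep that bound in the description, for example by appending `Upstream Foreman is affected before 1.10.0.`, and record the package name alongside each fixed build if the format allows it. Which description line is old and which is new is inferred from print order, because the rendered page lost its +/- column.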


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7528",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name."
"value": "It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to."
}
]
},
@ -44,38 +21,114 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 3.0",
"version": {
"version_data": [
{
"version_value": "0:3.0.2.0-0.git.38.7576bc5.el7ose",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.0.4-1.git.15.5e061c3.el7aos",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/openshift/origin/pull/6113",
"refsource": "CONFIRM",
"url": "https://github.com/openshift/origin/pull/6113"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2615.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2615.html"
},
{
"name": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5"
"url": "https://access.redhat.com/errata/RHSA-2015:2544",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2544"
},
{
"name": "RHSA-2015:2615",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2615.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2615",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2615"
},
{
"name": "RHSA-2015:2544",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2544"
"url": "https://access.redhat.com/security/cve/CVE-2015-7528",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7528"
},
{
"name": "https://github.com/kubernetes/kubernetes/pull/17886",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/pull/17886"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286745",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1286745"
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/17886",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/pull/17886"
},
{
"url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5"
},
{
"url": "https://github.com/openshift/origin/pull/6113",
"refsource": "MISC",
"name": "https://github.com/openshift/origin/pull/6113"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
}
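Review bot: The `problemtype` entry added in this section uses `"cweId": "CWE-20"` (Improper Input Validation), but the description beside it says the API back end did not verify requests for pod log locations, which reads as a missing authorization check rather than an input-validation flaw. Anyone triaging or building detections by CWE would not find this record under access-control weaknesses. If the assigner agrees, an authorization class such as `"cweId": "CWE-285"` with `"value": "Improper Authorization"` would fit the text better. The CVE-2015-7544 section further down has the same mismatch: it also uses CWE-20, while its description says a user-specified path and file name are passed directly to the command line, which points at command injection (CWE-78).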


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7529",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date."
"value": "An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system."
}
]
},
@ -44,53 +21,125 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.2-28.el6_7.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.2-35.el7_2.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2845-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2845-1"
},
{
"name": "https://github.com/sosreport/sos/issues/696",
"refsource": "CONFIRM",
"url": "https://github.com/sosreport/sos/issues/696"
},
{
"name": "RHSA-2016:0152",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0152.html"
},
{
"name": "RHSA-2016:0188",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0188.html"
},
{
"name": "83162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83162"
},
{
"name": "https://access.redhat.com/errata/RHSA-2016:0188",
"url": "http://www.ubuntu.com/usn/USN-2845-1",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2016:0188"
"name": "http://www.ubuntu.com/usn/USN-2845-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1282542",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282542"
},
{
"name": "https://access.redhat.com/errata/RHSA-2016:0152",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0152.html",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2016:0152"
"name": "http://rhn.redhat.com/errata/RHSA-2016-0152.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0188.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0188.html"
},
{
"url": "http://www.securityfocus.com/bid/83162",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/83162"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0152"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0188",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0188"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7529",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7529"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282542",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1282542"
},
{
"url": "https://github.com/sosreport/sos/issues/696",
"refsource": "MISC",
"name": "https://github.com/sosreport/sos/issues/696"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Mateusz Guzik (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
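Review bot: The added `impact.cvss` object sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric in it is `NOT_DEFINED`. Under the CVSS v2 equations, as I read them, undefined metrics leave those scores equal to the base score, so a literal 0 next to `"baseScore": 6` is inconsistent and will rank this record as zero-risk in any tool that sorts on those fields. I would omit the two keys when the metrics are not defined, or set both to the base score. The same pair of zeros appears in every other `impact` block visible in this commit, including the CVE-2015-7518, CVE-2015-7528 and CVE-2015-7544 sections.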


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7544",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment."
"value": "It was found that redhat-support-plugin-rhev passed a user-specified path and file name directly to the command line in the log viewer component. This could allow users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment."
}
]
},
@ -44,23 +21,89 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.6",
"version": {
"version_data": [
{
"version_value": "0:3.6.0-12.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0426",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"
"url": "https://access.redhat.com/errata/RHSA-2016:0426",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0426"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"
"url": "https://access.redhat.com/security/cve/CVE-2015-7544",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7544"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"
},
{
"url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Alexander Wels (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
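Review bot: `"accessVector": "LOCAL"` and `AV:L` in the added `impact` block do not match the rest of this record, which places the flaw in the log viewer component of a manager plugin and says a SuperUser on any Entity can run commands on any host in the RHEV environment; the earlier description wording in this section calls them "remote authenticated users". If the log viewer is reached over the network, which the text suggests but does not state, the vector understates exposure and the 6.6 base score is too low for prioritisation. I would ask the assigner to confirm and, if so, change to `"accessVector": "NETWORK"` and `"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C"` and recompute `baseScore`.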


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7547",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module."
"value": "A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module."
}
]
},
@ -44,388 +21,555 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.166.el6_7.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.47.el6_2.17",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.107.el6_4.9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.132.el6_5.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.149.el6_6.11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.17-106.el7_2.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.17-79.ael7b_1.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.7-20160104.2.el6ev",
"version_affected": "!"
},
{
"version_value": "0:7.2-20160105.2.el6ev",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "0:7.2-20160105.2.el7ev",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1035020",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035020"
},
{
"name": "HPSBGN03582",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=146161017210491&w=2"
},
{
"name": "SUSE-SU-2016:0471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"name": "RHSA-2016:0175",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
},
{
"name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/",
"refsource": "CONFIRM",
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"name": "HPSBGN03551",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145857691004892&w=2"
},
{
"name": "RHSA-2016:0225",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
},
{
"name": "FEDORA-2016-0f9e9a34ce",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
},
{
"name": "DSA-3481",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:0510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"name": "USN-2900-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"name": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "RHSA-2016:0277",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
},
{
"name": "openSUSE-SU-2016:0511",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"name": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html",
"url": "https://security.gentoo.org/glsa/201602-02",
"refsource": "MISC",
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
"name": "https://security.gentoo.org/glsa/201602-02"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160217-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"name": "SUSE-SU-2016:0470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"name": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/",
"refsource": "CONFIRM",
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"name": "https://support.lenovo.com/us/en/product_security/len_5450",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-08",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-08"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
},
{
"name": "HPSBGN03549",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145672440608228&w=2"
},
{
"name": "83265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83265"
},
{
"name": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "GLSA-201602-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
},
{
"name": "HPSBGN03547",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145596041017029&w=2"
},
{
"name": "SUSE-SU-2016:0472",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"name": "40339",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa114",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
"refsource": "MLIST",
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"name": "SUSE-SU-2016:0473",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"name": "RHSA-2016:0176",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
},
{
"name": "FEDORA-2016-0480defc94",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
},
{
"name": "openSUSE-SU-2016:0512",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
},
{
"name": "DSA-3480",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
},
{
"name": "39454",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"name": "http://support.citrix.com/article/CTX206991",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX206991"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"name": "VU#457759",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
},
{
"name": "https://access.redhat.com/articles/2161461",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/articles/2161461"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10150",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10150"
},
{
"name": "HPSBGN03442",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145690841819314&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
},
{
"refsource": "FULLDISC",
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"refsource": "BUGTRAQ",
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"url": "https://seclists.org/bugtraq/2019/Sep/7"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"refsource": "FULLDISC",
"name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
"url": "http://seclists.org/fulldisclosure/2021/Sep/0"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html",
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
"name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
},
{
"url": "http://seclists.org/fulldisclosure/2021/Sep/0",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"refsource": "FULLDISC",
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
"name": "http://seclists.org/fulldisclosure/2021/Sep/0"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html",
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0176",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0176"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10150",
"refsource": "MISC",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10150"
},
{
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Sep/7",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"url": "https://seclists.org/bugtraq/2019/Sep/7",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"url": "http://www.debian.org/security/2016/dsa-3480",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3480"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
},
{
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow",
"refsource": "MISC",
"name": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"url": "http://marc.info/?l=bugtraq&m=145596041017029&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145596041017029&w=2"
},
{
"url": "http://marc.info/?l=bugtraq&m=145672440608228&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145672440608228&w=2"
},
{
"url": "http://marc.info/?l=bugtraq&m=145690841819314&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145690841819314&w=2"
},
{
"url": "http://marc.info/?l=bugtraq&m=145857691004892&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145857691004892&w=2"
},
{
"url": "http://marc.info/?l=bugtraq&m=146161017210491&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=146161017210491&w=2"
},
{
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
},
{
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
},
{
"url": "http://seclists.org/fulldisclosure/2022/Jun/36",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"url": "http://support.citrix.com/article/CTX206991",
"refsource": "MISC",
"name": "http://support.citrix.com/article/CTX206991"
},
{
"url": "http://ubuntu.com/usn/usn-2900-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-2900-1"
},
{
"url": "http://www.debian.org/security/2016/dsa-3481",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3481"
},
{
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow",
"refsource": "MISC",
"name": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en",
"refsource": "MISC",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"url": "http://www.securityfocus.com/bid/83265",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/83265"
},
{
"url": "http://www.securitytracker.com/id/1035020",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035020"
},
{
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
},
{
"url": "https://access.redhat.com/articles/2161461",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/2161461"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0175",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0175"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0225",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0225"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0277",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0277"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7547",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7547"
},
{
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/",
"refsource": "MISC",
"name": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/",
"refsource": "MISC",
"name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa114",
"refsource": "MISC",
"name": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html",
"refsource": "MISC",
"name": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "MISC",
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01",
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161",
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html",
"refsource": "MISC",
"name": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html",
"refsource": "MISC",
"name": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"url": "https://support.lenovo.com/us/en/product_security/len_5450",
"refsource": "MISC",
"name": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"url": "https://www.exploit-db.com/exploits/39454/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39454/"
},
{
"url": "https://www.exploit-db.com/exploits/40339/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/40339/"
},
{
"url": "https://www.kb.cert.org/vuls/id/457759",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/457759"
},
{
"url": "https://www.tenable.com/security/research/tra-2017-08",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2017-08"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7553",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets."
"value": "A race-condition flaw was discovered in the kernel's netlink module creation, which can trigger a kernel panic in netlink_release->module_put for local users creating netlink sockets. The flaw is specific to Red Hat Enterprise Linux and does not affect upstream kernels. The nfnetlink_log module must be loaded before the flaw can occur."
}
]
},
@ -44,18 +21,78 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934"
"url": "https://access.redhat.com/errata/RHSA-2015:2152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2152"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7553",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7553"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
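Review bot: The rewritten `affects` block carries only one build, `"version_value": "0:3.10.0-327.el7"` with `"version_affected": "!"`, and names only Red Hat Enterprise Linux 7, so the record no longer states any affected product or range. As I read the CVE JSON 4.0 format, `!` marks a version as not affected. The earlier description also listed kernel-rt and Red Hat Enterprise MRG 2, and neither appears in the new description or in `affects`, so scanners that match on product name would stop flagging them. I would keep that scope in the description text, e.g. `... the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2 ...`, unless the vendor has confirmed those products are unaffected. The +/- markers are lost in this rendering, so which lines are new is inferred from their order in the hunk.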


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-14T00:00:00",
"ID": "CVE-2017-7549",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "instack-undercloud",
"version": {
"version_data": [
{
"version_value": "Pike, 12: v7.2.0, Ocata, 11: v6.1.0, Newton, 10: v5.3.0"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files."
"value": "A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files."
}
]
},
@ -45,48 +21,146 @@
"description": [
{
"lang": "eng",
"value": "CWE-377"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.2-41.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "0:5.3.0-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "0:6.1.0-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty) director",
"version": {
"version_data": [
{
"version_value": "0:2.2.7-10.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka) director",
"version": {
"version_data": [
{
"version_value": "0:4.0.0-17.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2726",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2726"
"url": "http://www.securityfocus.com/bid/100407",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100407"
},
{
"name": "100407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100407"
"url": "https://access.redhat.com/errata/RHSA-2017:2557",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2557"
},
{
"name": "RHSA-2017:2649",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2649"
"url": "https://access.redhat.com/errata/RHSA-2017:2649",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2649"
},
{
"name": "RHSA-2017:2687",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2687"
"url": "https://access.redhat.com/errata/RHSA-2017:2687",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2687"
},
{
"name": "RHSA-2017:2557",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2557"
"url": "https://access.redhat.com/errata/RHSA-2017:2693",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2693"
},
{
"name": "RHSA-2017:2693",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2693"
"url": "https://access.redhat.com/errata/RHSA-2017:2726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2726"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477403",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477403"
"url": "https://access.redhat.com/security/cve/CVE-2017-7549",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7549"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477403",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477403"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Booth (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
]
}
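Review bot: Every reference in this section is retyped to `"refsource": "MISC"` and its `name` replaced by the URL, which discards the typed identifiers the record had: `"refsource": "REDHAT"` with `"name": "RHSA-2017:2726"`, `"refsource": "BID"` with `"name": "100407"`, and `"refsource": "CONFIRM"` on the Bugzilla entry. Tooling that picks vendor advisories or vendor confirmation out of `reference_data` by `refsource` will no longer find them and has to fall back to URL pattern matching. The same flattening appears in the CVE-2015-7553, CVE-2017-7550, CVE-2017-7551 and CVE-2017-7553 sections. I would keep the typed values on entries that already had them and use `MISC` only for the newly added links.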


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-21T00:00:00",
"ID": "CVE-2017-7550",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "2.3.x before 2.3.3, 2.4.x before 2.4.1"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation."
"value": "A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation."
}
]
},
@ -45,28 +21,82 @@
"description": [
{
"lang": "eng",
"value": "CWE-532"
"value": "Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7 Extras",
"version": {
"version_data": [
{
"version_value": "0:2.4.0.0-5.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645"
"url": "https://access.redhat.com/errata/RHSA-2017:2966",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2966"
},
{
"name": "https://github.com/ansible/ansible/issues/30874",
"refsource": "CONFIRM",
"url": "https://github.com/ansible/ansible/issues/30874"
"url": "https://access.redhat.com/security/cve/CVE-2017-7550",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7550"
},
{
"name": "RHSA-2017:2966",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2966"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645"
},
{
"url": "https://github.com/ansible/ansible/issues/30874",
"refsource": "MISC",
"name": "https://github.com/ansible/ansible/issues/30874"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Stefano Mazzucco (Kirontech) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}
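Review bot: The added CVSS 3.0 block scores this as `"integrityImpact": "HIGH"` and `"availabilityImpact": "HIGH"` (base 8.5), while the description and the `CWE-532` label describe only exposure of sensitive information through a remote host's logs. The score may be counting what a leaked credential allows afterwards, but the record does not say so, and triage keyed on the vector will rank a log-disclosure issue like a full compromise. The rewritten description also drops the upstream range `2.3.x before 2.3.3, and 2.4.x before 2.4.1`, leaving only the RHEL 7 Extras build in `affects`. I would confirm the vector against the Red Hat CVE page referenced in this section and keep the upstream range in the description.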


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-31T00:00:00",
"ID": "CVE-2017-7551",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "before 1.3.5.19 and 1.3.6.7"
}
]
}
}
]
},
"vendor_name": "389 Directory Server"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts."
"value": "A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy."
}
]
},
@ -45,23 +21,76 @@
"description": [
{
"lang": "eng",
"value": "CWE-209"
"value": "Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.3.6.1-19.el7_4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2569",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2569"
"url": "https://access.redhat.com/errata/RHSA-2017:2569",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2569"
},
{
"name": "https://pagure.io/389-ds-base/issue/49336",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/49336"
"url": "https://access.redhat.com/security/cve/CVE-2017-7551",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7551"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477669",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477669"
},
{
"url": "https://pagure.io/389-ds-base/issue/49336",
"refsource": "MISC",
"name": "https://pagure.io/389-ds-base/issue/49336"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
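Review bot: The new description no longer says why the lockout can be bypassed, yet the section keeps `"cweId": "CWE-209"` (error message containing sensitive information) as the problem type. The earlier text supplied the link, `due to different return codes returned on password attempts`. Without it the CWE looks unrelated to a brute-force issue, and a defender reading the record cannot tell that the signal is in how bind attempts against a locked account are answered. I would retain that clause in the new `value`, along with the upstream versions `1.3.5.19 and 1.3.6.7` that the rewrite also removes.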


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7553",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints."
"value": "The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources and access restricted endpoints."
}
]
},
@ -44,28 +21,146 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Mobile Application Platform 4.5",
"version": {
"version_data": [
{
"version_value": "0:1.0.0-5.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10-4.el7map",
"version_affected": "!"
},
{
"version_value": "0:4.0.8-8.el7map",
"version_affected": "!"
},
{
"version_value": "0:2.0.3-3.el7map",
"version_affected": "!"
},
{
"version_value": "0:2.33-2.el7map",
"version_affected": "!"
},
{
"version_value": "0:2.05-20.el7map",
"version_affected": "!"
},
{
"version_value": "0:6.0.1-7.el7map",
"version_affected": "!"
},
{
"version_value": "0:1.9.7-3.el7map",
"version_affected": "!"
},
{
"version_value": "0:0.6.10-1.el7map",
"version_affected": "!"
},
{
"version_value": "0:2.11-13.20080912svn311.el7map",
"version_affected": "!"
},
{
"version_value": "0:0.5.6-9.el7map",
"version_affected": "!"
},
{
"version_value": "0:2.8.21-2.el7map",
"version_affected": "!"
},
{
"version_value": "0:4.5.0-11.el7",
"version_affected": "!"
},
{
"version_value": "0:3.3.1-7.el7map",
"version_affected": "!"
},
{
"version_value": "0:1.56-2.el7",
"version_affected": "!"
},
{
"version_value": "0:2.64-14.el7map",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-3.el7map",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2674",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
"url": "https://access.redhat.com/errata/RHSA-2017:2674",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
"url": "https://access.redhat.com/errata/RHSA-2017:2675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792"
"url": "https://access.redhat.com/security/cve/CVE-2017-7553",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7553"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Tomas Rzepka for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
]
}
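Review bot: The `version_data` list under "Red Hat Mobile Application Platform 4.5" holds seventeen bare version-release strings (`0:1.0.0-5.el7`, `0:3.10-4.el7map`, `0:4.5.0-11.el7`, ...) with no package or component name, so none of them can be matched to an installed package. They look like the builds shipped in the two errata, flattened under one product; that is an inference, the record does not say. All carry `"version_affected": "!"`, so the list also gives no affected range. Consumers should take the fixed packages from RHSA-2017:2674 and RHSA-2017:2675, both referenced in this section, rather than from this list. The export would be more useful if each entry named its component.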


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7558",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "4.7-rc1 through 4.13"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,74 +15,138 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.5.2.rt56.626.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.5.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.5.2.rt56.592.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[linux-netdev] 20170823 [PATCH net] sctp: Avoid out-of-bounds reads from address storage",
"refsource": "MLIST",
"url": "https://marc.info/?l=linux-netdev&m=150348777122761&w=2"
"url": "https://access.redhat.com/errata/RHSA-2017:2918",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name": "RHSA-2017:2918",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2918"
"url": "https://access.redhat.com/errata/RHSA-2017:2930",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2930"
},
{
"name": "RHSA-2017:2931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2931"
"url": "https://access.redhat.com/errata/RHSA-2017:2931",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name": "100466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100466"
"url": "http://seclists.org/oss-sec/2017/q3/338",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q3/338"
},
{
"name": "[oss-security] 20170823 CVE-2017-7558: Linux kernel: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q3/338"
"url": "http://www.securityfocus.com/bid/100466",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100466"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558"
"url": "http://www.securitytracker.com/id/1039221",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1039221"
},
{
"name": "1039221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039221"
"url": "https://access.redhat.com/security/cve/CVE-2017-7558",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7558"
},
{
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3981"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480266",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480266"
},
{
"name": "RHSA-2017:2930",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2930"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558"
},
{
"url": "https://marc.info/?l=linux-netdev&m=150348777122761&w=2",
"refsource": "MISC",
"name": "https://marc.info/?l=linux-netdev&m=150348777122761&w=2"
},
{
"url": "https://www.debian.org/security/2017/dsa-3981",
"refsource": "MISC",
"name": "https://www.debian.org/security/2017/dsa-3981"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Stefano Brivio (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
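Review bot: The rewritten `affects` block drops the upstream entry (`"vendor_name": "Linux"`, `"product_name": "kernel"`, `"version_value": "4.7-rc1 through 4.13"`) and lists only Red Hat package builds with `"version_affected": "!"`, which, as I read the 4.0 format, marks a build as not affected. A consumer matching on upstream kernel versions can no longer tell from this record which releases are vulnerable; keeping the upstream entry next to the vendor ones would preserve that. The reference list also flattens every `refsource` to `MISC` and replaces identifiers such as `DSA-3981` with the bare URL, so filters keyed on `CONFIRM`, `REDHAT` or `DEBIAN` stop matching; the same flattening appears in the CVE-2018-10839, CVE-2018-10840, CVE-2018-10846, CVE-2018-10864, CVE-2018-10872 and CVE-2018-10874 sections. Which lines are old and which are new is inferred from the hunk counts and print order, because the page has lost its +/- markers.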


@ -1,101 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10839",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu-kvm",
"version": {
"version_data": [
{
"version_value": "<= 3.0.0"
}
]
}
}
]
},
"vendor_name": "The QEMU Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS."
"value": "An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.506.el6_10.5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "DSA-4338",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4338"
"url": "https://usn.ubuntu.com/3826-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
"url": "https://access.redhat.com/errata/RHSA-2019:2892",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/10/08/1"
"url": "https://access.redhat.com/security/cve/CVE-2018-10839",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10839"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581013",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1581013"
},
{
"name": "[qemu-devel] 20180926 [PULL 21/25] ne2000: fix possible out of bound access in ne2000_receive",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2892",
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html"
},
{
"url": "https://www.debian.org/security/2018/dsa-4338",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4338"
},
{
"url": "https://www.openwall.com/lists/oss-security/2018/10/08/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2018/10/08/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Arash Tohidi and Daniel Shapira (Twistlock) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
}
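Review bot: The replacement description misspells the device as `NE200`; the earlier text and the qemu-devel reference title both say NE2000, so the sentence should read `An integer overflow issue was found in the NE2000 NIC emulation.` The new description and the new `affects` block also no longer carry the `<= 3.0.0` upstream bound, leaving only the Red Hat Enterprise Linux 6 build `2:0.12.1.2-2.506.el6_10.5`. Retaining that bound in the description would keep the record usable for triaging QEMU builds that do not come from Red Hat. Old versus new lines are inferred here, since the page shows no +/- markers.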


@ -1,96 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10840",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "heap-based buffer overflow in fs/ext4/xattr.c",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "kernel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image."
"value": "The Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.2/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.5.1.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
"url": "https://usn.ubuntu.com/3752-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
"url": "https://usn.ubuntu.com/3752-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "RHSA-2019:0162",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0162"
"url": "https://usn.ubuntu.com/3752-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840"
"url": "http://www.securityfocus.com/bid/104858",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/104858"
},
{
"name": "104858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104858"
"url": "https://access.redhat.com/errata/RHSA-2019:0162",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0162"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
"url": "https://access.redhat.com/security/cve/CVE-2018-10840",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10840"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582346",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1582346"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
}


@ -1,116 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10846",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gnutls",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets."
"value": "A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of \"Just in Time\" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385"
"value": "Covert Timing Channel",
"cweId": "CWE-385"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.3.29-8.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://eprint.iacr.org/2018/747",
"url": "http://www.securityfocus.com/bid/105138",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2018/747"
"name": "http://www.securityfocus.com/bid/105138"
},
{
"name": "https://gitlab.com/gnutls/gnutls/merge_requests/657",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/gnutls/merge_requests/657"
"url": "https://access.redhat.com/errata/RHSA-2018:3050",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3050"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
"url": "https://access.redhat.com/errata/RHSA-2018:3505",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "105138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105138"
"url": "https://eprint.iacr.org/2018/747",
"refsource": "MISC",
"name": "https://eprint.iacr.org/2018/747"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846"
"url": "https://gitlab.com/gnutls/gnutls/merge_requests/657",
"refsource": "MISC",
"name": "https://gitlab.com/gnutls/gnutls/merge_requests/657"
},
{
"name": "RHSA-2018:3050",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3050"
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html"
},
{
"name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/"
},
{
"refsource": "UBUNTU",
"name": "USN-3999-1",
"url": "https://usn.ubuntu.com/3999-1/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-f90fb78f70",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/"
"url": "https://usn.ubuntu.com/3999-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3999-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-d14280a6e8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/"
"url": "https://access.redhat.com/security/cve/CVE-2018-10846",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10846"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582574",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1582574"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10864",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redhat-certification:",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,39 +15,92 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Certification for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:5.16-20180809.el7",
"version_affected": "!"
},
{
"version_value": "0:5.16-20180809.1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10864",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10864"
"url": "https://access.redhat.com/errata/RHSA-2018:2373",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2373"
},
{
"name": "RHSA-2018:2373",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2373"
"url": "https://access.redhat.com/security/cve/CVE-2018-10864",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10864"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593627",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1593627"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10864",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10864"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Riccardo Schirone (Red Hat Product Security)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}


@ -1,86 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10872",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE."
"value": "A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel; no other versions are affected by this CVE."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
"value": "Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.2.1.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "MISC",
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872"
"url": "https://access.redhat.com/errata/RHSA-2018:2164",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10872",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10872"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596094"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}


@ -1,121 +1,236 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10874",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result."
"value": "CVE-2018-10874 ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
"value": "Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ansible Engine 2.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.4.6.0-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Engine 2.5 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.5.6-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Engine 2.6 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.6.1-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Engine 2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.6.1-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "0:2.4.6.0-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 12.0 (Pike)",
"version": {
"version_data": [
{
"version_value": "0:2.4.6.0-1.el7ae",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-4.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 13.0 (Queens)",
"version": {
"version_data": [
{
"version_value": "0:2.4.6.0-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.22-1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2-5.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20180724.0",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
"url": "http://www.securitytracker.com/id/1041396",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1041396"
},
{
"name": "RHSA-2018:2152",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
"url": "https://access.redhat.com/errata/RHBA-2018:3788",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
"url": "https://access.redhat.com/errata/RHSA-2018:2150",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "RHSA-2018:2150",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
"url": "https://access.redhat.com/errata/RHSA-2018:2151",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "1041396",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041396"
"url": "https://access.redhat.com/errata/RHSA-2018:2152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"name": "RHBA-2018:3788",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
"url": "https://access.redhat.com/errata/RHSA-2018:2166",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2019:0054",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
"url": "https://access.redhat.com/errata/RHSA-2018:2321",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
"url": "https://access.redhat.com/errata/RHSA-2018:2585",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "RHSA-2018:2321",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
"url": "https://access.redhat.com/errata/RHSA-2019:0054",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
"url": "https://access.redhat.com/security/cve/CVE-2018-10874",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"refsource": "UBUNTU",
"name": "USN-4072-1",
"url": "https://usn.ubuntu.com/4072-1/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"url": "https://usn.ubuntu.com/4072-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4072-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Michael Scherer (OSAS) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
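Review bot: The new `description` value reads like a tracker title (it opens with `CVE-2018-10874 ansible:`) rather than a description, and it repeats the ID already held in `CVE_data_meta`. It also loses the precondition stated in the earlier sentence, that the working directory is under the attacker's control, which a reader needs in order to judge exposure. I would keep the earlier prose sentence, or at least drop the ID prefix and append `when that directory is attacker-controlled` to the new text. Which of the two values is the new one is inferred from print order, as the page has no +/- markers.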


@ -1,136 +1,156 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10876",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image."
"value": "A flaw was found in the Linux kernel's ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.6.1.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://patchwork.ozlabs.org/patch/929239/",
"refsource": "CONFIRM",
"url": "http://patchwork.ozlabs.org/patch/929239/"
"url": "http://www.securityfocus.com/bid/106503",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106503"
},
{
"name": "USN-3753-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3753-2/"
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c"
"url": "https://usn.ubuntu.com/3871-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-1/"
},
{
"name": "USN-3871-5",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-5/"
"url": "https://usn.ubuntu.com/3871-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-3/"
},
{
"name": "USN-3871-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-4/"
"url": "https://usn.ubuntu.com/3871-4/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-4/"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"url": "https://usn.ubuntu.com/3871-5/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-5/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876"
"url": "https://usn.ubuntu.com/3753-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3753-1/"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
"url": "https://usn.ubuntu.com/3753-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3753-2/"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199403",
"refsource": "CONFIRM",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199403"
"url": "http://patchwork.ozlabs.org/patch/929239/",
"refsource": "MISC",
"name": "http://patchwork.ozlabs.org/patch/929239/"
},
{
"name": "RHSA-2019:0525",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0525"
"url": "http://www.securityfocus.com/bid/104904",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/104904"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
"url": "https://access.redhat.com/errata/RHSA-2019:0525",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0525"
},
{
"name": "USN-3753-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3753-1/"
"url": "https://access.redhat.com/security/cve/CVE-2018-10876",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10876"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199403",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199403"
},
{
"refsource": "BID",
"name": "104904",
"url": "http://www.securityfocus.com/bid/104904"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596773",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596773"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
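Review bot: Every entry in `reference_data` in this section now ends up as `"refsource": "MISC"` with the URL repeated as `name`, as far as the rendered page shows. The source typing the record had before (`CONFIRM`, `UBUNTU`, `BID`, `MLIST`, `REDHAT`) and the advisory identifiers such as `USN-3753-2` are lost. Tooling that ranks vendor-confirmed references above third-party ones, or that joins on the advisory id, can no longer do so from this record. If the flattening is intended, the commit description should say so; otherwise keep the typed form, e.g. `"refsource": "UBUNTU", "name": "USN-3753-2"`. The same flattening shows in the CVE-2018-1065, CVE-2018-1071 and CVE-2018-1075 sections.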


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1065",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel 4.15.0-rc9",
"version": {
"version_data": [
{
"version_value": "Linux kernel 4.15.0-rc9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c."
"value": "A flaw was found in the netfilter/iptables subsystem. A user with the netfilter modification capabilities could insert a rule which could panic the system."
}
]
},
@ -44,68 +21,116 @@
"description": [
{
"lang": "eng",
"value": "NULL pointer dereference"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1040446",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040446"
},
{
"name": "USN-3654-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824",
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824"
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3654-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "http://lists.openwall.net/netdev/2018/01/27/46",
"url": "https://www.debian.org/security/2018/dsa-4188",
"refsource": "MISC",
"url": "http://lists.openwall.net/netdev/2018/01/27/46"
"name": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "USN-3656-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3656-1/"
},
{
"name": "http://patchwork.ozlabs.org/patch/870355/",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8",
"refsource": "MISC",
"url": "http://patchwork.ozlabs.org/patch/870355/"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8"
},
{
"name": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8",
"url": "http://lists.openwall.net/netdev/2018/01/27/46",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8"
"name": "http://lists.openwall.net/netdev/2018/01/27/46"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8",
"url": "http://patchwork.ozlabs.org/patch/870355/",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8"
"name": "http://patchwork.ozlabs.org/patch/870355/"
},
{
"url": "http://www.securitytracker.com/id/1040446",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1040446"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1065",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1065"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824"
},
{
"url": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8"
},
{
"url": "https://usn.ubuntu.com/3654-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3654-1/"
},
{
"url": "https://usn.ubuntu.com/3654-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3654-2/"
},
{
"url": "https://usn.ubuntu.com/3656-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3656-1/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
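Review bot: The added CVSS block rates this flaw as reachable over the network without privileges (`"attackVector": "NETWORK"`, `"privilegesRequired": "NONE"`), which does not match the description in the same record. The new text says a user with netfilter modification capabilities has to insert the rule, and the earlier text named local users holding CAP_NET_RAW or CAP_NET_ADMIN. Consumers that triage on `vectorString` would treat a capability-gated kernel panic as a network-facing one. Either re-derive the vector and `baseScore` against the description, or have the description state how the rule can arrive over the network if that is really the case.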


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2018-1071",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zsh",
"version": {
"version_data": [
{
"version_value": "5.4.2"
}
]
}
}
]
},
"vendor_name": "zsh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service."
"value": "CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd()"
}
]
},
@ -45,48 +21,102 @@
"description": [
{
"lang": "eng",
"value": "CWE-121"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:5.0.2-31.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531"
"url": "http://www.securityfocus.com/bid/103359",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/103359"
},
{
"name": "USN-3608-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3608-1/"
"url": "https://access.redhat.com/errata/RHSA-2018:3073",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "103359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103359"
"url": "https://access.redhat.com/security/cve/CVE-2018-1071",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1071"
},
{
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
},
{
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
"url": "https://security.gentoo.org/glsa/201805-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201805-10"
},
{
"url": "https://usn.ubuntu.com/3608-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3608-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Richard Maciel Costa (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
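Review bot: The new `description` value, `"CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd()"`, reads like a bug-tracker title and drops what the earlier sentence stated: the affected range (through 5.4.2), that the attacker is local, and that the impact is a denial of service. With `affects` now listing only a Red Hat Enterprise Linux 7 build, the record no longer tells a reader which upstream zsh versions are affected. The full sentence should stay as the description value. The CVE-2018-1075 section loses its "up to version 4.2.3" bound and the CVE-2018-1065 section its "through 4.15.7" bound in the same way.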


@ -1,81 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1075",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ovirt-engine",
"version": {
"version_data": [
{
"version_value": "up to ovirt-engine 4.2.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords."
"value": "A flaw was found in ovirt-engine. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
"value": "Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Virtualization Engine 4.2",
"version": {
"version_data": [
{
"version_value": "0:4.2.4.5-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075"
"url": "https://access.redhat.com/errata/RHSA-2018:2071",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2071"
},
{
"name": "https://gerrit.ovirt.org/#/c/91653/",
"refsource": "CONFIRM",
"url": "https://gerrit.ovirt.org/#/c/91653/"
"url": "https://access.redhat.com/security/cve/CVE-2018-1075",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1075"
},
{
"name": "RHSA-2018:2071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2071"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542508",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1542508"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075"
},
{
"url": "https://gerrit.ovirt.org/#/c/91653/",
"refsource": "MISC",
"name": "https://gerrit.ovirt.org/#/c/91653/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Yedidyah Bar David (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25308",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "fribidi",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "Fixed in v1.0.12"
"version_value": "0:1.0.4-9.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:1.0.10-6.el9.2",
"version_affected": "!"
}
]
}
@ -30,47 +63,55 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 - Stack-based Buffer Overflow."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fribidi/fribidi/issues/181",
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/issues/181",
"url": "https://github.com/fribidi/fribidi/issues/181"
"name": "https://github.com/fribidi/fribidi/issues/181"
},
{
"url": "https://github.com/fribidi/fribidi/pull/184",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890"
"name": "https://github.com/fribidi/fribidi/pull/184"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-25308",
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/pull/184",
"url": "https://github.com/fribidi/fribidi/pull/184"
"name": "https://access.redhat.com/security/cve/CVE-2022-25308"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7514",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-25308",
"url": "https://access.redhat.com/security/cve/CVE-2022-25308"
"name": "https://access.redhat.com/errata/RHSA-2022:7514"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8011",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8011"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
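Review bot: `affects` now lists only Red Hat Enterprise Linux 8 and 9 builds marked `"version_affected": "!"`, and the upstream entry (`fribidi`, "Fixed in v1.0.12") is gone. In the CVE JSON 4.0 format a leading `!` appears to negate the match, so the listed values look like fixed builds and the record then names no affected version at all; this reading should be confirmed against the schema. A scanner that matches on the upstream product name would stop flagging fribidi builds older than 1.0.12 shipped by other distributors. Keeping the upstream product entry next to the Red Hat ones avoids that. The CVE-2022-25309 and CVE-2022-25310 sections carry the same change.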


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25309",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "fribidi",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "Fixed in v1.0.12"
"version_value": "0:1.0.4-9.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:1.0.10-6.el9.2",
"version_affected": "!"
}
]
}
@ -30,47 +63,55 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 - Heap-based Buffer Overflow."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fribidi/fribidi/issues/182",
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/issues/182",
"url": "https://github.com/fribidi/fribidi/issues/182"
"name": "https://github.com/fribidi/fribidi/issues/182"
},
{
"url": "https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896"
"name": "https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-25309",
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3",
"url": "https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3"
"name": "https://access.redhat.com/security/cve/CVE-2022-25309"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7514",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-25309",
"url": "https://access.redhat.com/security/cve/CVE-2022-25309"
"name": "https://access.redhat.com/errata/RHSA-2022:7514"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8011",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8011"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25310",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "fribidi",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "Fixed in v1.0.12"
"version_value": "0:1.0.4-9.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:1.0.10-6.el9.2",
"version_affected": "!"
}
]
}
@ -30,47 +63,55 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fribidi/fribidi/issues/183",
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/issues/183",
"url": "https://github.com/fribidi/fribidi/issues/183"
"name": "https://github.com/fribidi/fribidi/issues/183"
},
{
"url": "https://github.com/fribidi/fribidi/pull/186",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047923"
"name": "https://github.com/fribidi/fribidi/pull/186"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-25310",
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/pull/186",
"url": "https://github.com/fribidi/fribidi/pull/186"
"name": "https://access.redhat.com/security/cve/CVE-2022-25310"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7514",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-25310",
"url": "https://access.redhat.com/security/cve/CVE-2022-25310"
"name": "https://access.redhat.com/errata/RHSA-2022:7514"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8011",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8011"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047923",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047923"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service."
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,25 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26353",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit this issue to crash QEMU or potentially execute arbitrary code within the context of the QEMU process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "qemu-kvm",
"product_name": "Advanced Virtualization for RHEL 8.4.0.EUS",
"version": {
"version_data": [
{
"version_value": "Affected QEMU version: 6.2.0"
"version_value": "8040020220517095834.522a0ee4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8060020220616155742.ad008a3a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "17:6.2.0-11.el9_0.3",
"version_affected": "!"
}
]
}
@ -30,52 +74,87 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html"
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html"
},
{
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37"
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220425-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5133",
"url": "https://www.debian.org/security/2022/dsa-5133"
"url": "https://access.redhat.com/errata/RHSA-2022:5002",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5002"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
"url": "https://access.redhat.com/errata/RHSA-2022:5263",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5263"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5821",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5821"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-26353",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-26353"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063197",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2063197"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37",
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37"
},
{
"url": "https://www.debian.org/security/2022/dsa-5133",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5133"
}
]
},
"description": {
"description_data": [
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank VictorV (Kunlun Lab) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
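Review bot: Every `version_data` entry in the new `affects` block carries `"version_affected": "!"`, which as I read the 4.0 format marks `version_value` as not affected, so the record now names only fixed Red Hat builds and no affected version at all. The upstream statement `Affected QEMU version: 6.2.0` is dropped from both `version_value` and the description, which leaves anyone running upstream QEMU or another distribution's package nothing to match against. I would keep an upstream entry next to the Red Hat ones, e.g. the old `"product_name": "qemu-kvm"` with `"version_value": "6.2.0"` and `"version_affected": "="`. The same loss of the upstream version shows in the CVE-2022-26354, CVE-2022-2403, CVE-2022-2519/2520/2521, CVE-2022-2735 and CVE-2022-2738 sections.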


@ -1,25 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26354",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "qemu-kvm",
"product_name": "Advanced Virtualization for RHEL 8.4.0.EUS",
"version": {
"version_data": [
{
"version_value": "Affected QEMU versions <= 6.2.0"
"version_value": "8040020220517095834.522a0ee4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8060020220616155742.ad008a3a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "17:6.2.0-11.el9_0.3",
"version_affected": "!"
}
]
}
@ -30,57 +74,92 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf",
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf"
"name": "https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220425-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-5133",
"url": "https://www.debian.org/security/2022/dsa-5133"
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
"url": "https://access.redhat.com/errata/RHSA-2022:5002",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5002"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5263",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5263"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5821",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5821"
},
{
"url": "https://www.debian.org/security/2022/dsa-5133",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5133"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-26354",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-26354"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063257",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2063257"
}
]
},
"description": {
"description_data": [
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank VictorV (Kunlun Lab) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
]
}
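Review bot: In `reference_data` every `refsource` is now `MISC` and every `name` repeats the URL, so the typed tags the old entries had (`MLIST`, `DEBIAN`, `GENTOO`, `CONFIRM`) and the advisory ids (`DSA-5133`, `GLSA-202208-27`, the two DLA titles) are gone. Tooling that selects vendor confirmations or distribution advisories by `refsource` will no longer find them in this record. If the sync does not require the flattening, I would keep the typed form, e.g. `"refsource": "DEBIAN", "name": "DSA-5133"`. The CVE-2022-26353, CVE-2022-2519/2520/2521 and CVE-2022-2735 sections lose their tags the same way.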


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2403",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"cweId": "CWE-497"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Openshift",
"product_name": "Red Hat OpenShift Container Platform 4.10",
"version": {
"version_data": [
{
"version_value": "Openshift 4.9 onwards"
"version_value": "v4.10.0-202207160316.p0.g6a015c7.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.9",
"version": {
"version_data": [
{
"version_value": "v4.9.0-202208020055.p0.g265030f.assembly.stream",
"version_affected": "!"
}
]
}
@ -30,37 +63,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2403",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"
"name": "https://access.redhat.com/security/cve/CVE-2022-2403"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5664",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2403",
"url": "https://access.redhat.com/security/cve/CVE-2022-2403"
"name": "https://access.redhat.com/errata/RHSA-2022:5664"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5879",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5879"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"
}
]
},
"description": {
"description_data": [
"work_around": [
{
"lang": "en",
"value": "Removal of the private key from the ConfigMap, or modification of the RBAC permissions is not a sufficient mitigation on its own, as these will both be restored by the authentication-operator.\n\nThis flaw can be mitigated by deploying a custom webhook which filters out the private key from the target ConfigMap, preventing it from being restored by the authentication-operator. An example of this can be found here:\n\nhttps://github.com/sfowl/configmap-cleaner\n\nAfter upgrading to a fixed version of OpenShift or applying the mitigation, all ingress certificates should be rotated:\n\nhttps://docs.openshift.com/container-platform/4.10/security/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Colin Smith (yoloClin, Radiant Security) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}
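Review bot: The certificate-rotation step appears only in `work_around`, while `description` still reads as if updating alone closes the issue. Per the workaround text the private key was readable by any authenticated user and all ingress certificates should be rotated after upgrading or mitigating; a consumer that displays only `description` never tells the operator that. I would end the description with a sentence such as `After updating, rotate all ingress certificates, because the exposed key may already have been read.` Separately, `work_around` and `credits` use `"lang": "en"` while `description_data` uses `"eng"`; one code throughout is easier to filter on.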


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2519",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free flaw was found in the tiffcrop tool distributed with the libtiff tools package. The double-free issue leads to a denial of service, impacting the availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free",
"cweId": "CWE-415"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "libtiff",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "libtiff 4.4.0rc1"
"version_value": "0:4.0.9-26.el8_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-5.el9_1",
"version_affected": "!"
}
]
}
@ -30,42 +63,60 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/423",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/issues/423",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/423"
"name": "https://gitlab.com/libtiff/libtiff/-/issues/423"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
},
{
"refsource": "DEBIAN",
"name": "DSA-5333",
"url": "https://www.debian.org/security/2023/dsa-5333"
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0302",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2519",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2519"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1"
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
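Review bot: The new `impact.cvss` entry scores this tiffcrop double free as `AV:N` (base 6.5), whereas the Fribidi record earlier in this commit, also a crash on a crafted file with otherwise identical metrics, uses `AV:L` and 5.5. The description calls tiffcrop a tool from the libtiff tools package, so presumably the crafted file has to be processed locally; if so, `"attackVector": "LOCAL"` with `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H` would match the sibling record. The CVE-2022-2520 and CVE-2022-2521 sections carry the same vector. The rewritten description also drops `rotateImage() at tiffcrop.c:8839`, which is the detail a maintainer needs to locate the fix.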


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2520",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2022-2520 libtiff: Assertion fail in rotateImage() function at tiffcrop.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Calculation of Buffer Size",
"cweId": "CWE-131"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "libtiff",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "libtiff 4.4.0rc1"
"version_value": "0:4.0.9-26.el8_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-5.el9_1",
"version_affected": "!"
}
]
}
@ -30,42 +63,60 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-131"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/424",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/issues/424",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/424"
"name": "https://gitlab.com/libtiff/libtiff/-/issues/424"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
},
{
"refsource": "DEBIAN",
"name": "DSA-5333",
"url": "https://www.debian.org/security/2023/dsa-5333"
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0302",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2520",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2520"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input."
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
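Review bot: The new `description` value, `CVE-2022-2520 libtiff: Assertion fail in rotateImage() function at tiffcrop.c`, is a bug title rather than a description: it repeats the id and says nothing about trigger or impact. The removed text stated that a crafted input can cause a program crash; I would keep that sentence, minus the upstream version if that has to go. The new `problemtype` also names CWE-131 "Incorrect Calculation of Buffer Size", which a title-only description no longer explains. The CVE-2022-2521 section has the same title-style description.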


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2521",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2022-2521 libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Release of Invalid Pointer or Reference",
"cweId": "CWE-763"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "libtiff",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "libtiff 4.4.0rc1"
"version_value": "0:4.0.9-26.el8_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-5.el9_1",
"version_affected": "!"
}
]
}
@ -30,42 +63,60 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-763"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/422",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/issues/422",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/422"
"name": "https://gitlab.com/libtiff/libtiff/-/issues/422"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
},
{
"refsource": "DEBIAN",
"name": "DSA-5333",
"url": "https://www.debian.org/security/2023/dsa-5333"
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0302",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2521",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2521"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122799",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2122799"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input."
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,25 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2735",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the \"hacluster\" token, this flaw allows an attacker to have complete control over the cluster managed by PCS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "ClusterLabs/pcs",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "Affects v0.10.5 and later including all 0.11.x."
"version_value": "0:0.10.12-6.el8_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:0.10.4-6.el8_2.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:0.10.8-1.el8_4.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:0.11.1-10.el9_0.2",
"version_affected": "!"
}
]
}
@ -30,47 +85,71 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 - Incorrect Default Permissions."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/09/01/4",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116815"
"name": "https://www.openwall.com/lists/oss-security/2022/09/01/4"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2735",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/09/01/4",
"url": "https://www.openwall.com/lists/oss-security/2022/09/01/4"
"name": "https://access.redhat.com/security/cve/CVE-2022-2735"
},
{
"url": "https://www.debian.org/security/2022/dsa-5226",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2735",
"url": "https://access.redhat.com/security/cve/CVE-2022-2735"
"name": "https://www.debian.org/security/2022/dsa-5226"
},
{
"refsource": "DEBIAN",
"name": "DSA-5226",
"url": "https://www.debian.org/security/2022/dsa-5226"
"url": "https://access.redhat.com/errata/RHSA-2022:6312",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:6312"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:6313",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:6313"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:6314",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:6314"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:6341",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:6341"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116815",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116815"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Ondrej Mular (Senior Software Engineer, Red Hat)."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the \"hacluster\" token, this flaw allows an attacker to have complete control over the cluster managed by PCS."
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
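Review bot: The removed `version_value` said `Affects v0.10.5 and later including all 0.11.x.`, yet the new list includes a fixed 8.2 Extended Update Support build `0:0.10.4-6.el8_2.3`, whose base version is below that range. Presumably the vulnerable code was backported there, but with the upstream range gone the record no longer lets a reader tell, and version-based triage against upstream numbers would miss that stream. I would keep the upstream range as its own entry, e.g. `"product_name": "ClusterLabs/pcs"` with `"version_value": "0.10.5"` and `"version_affected": ">="`.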


@ -1,25 +1,47 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2738",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "podman",
"product_name": "Red Hat Enterprise Linux 7 Extras",
"version": {
"version_data": [
{
"version_value": "podman 1.6.4-32.el7_9"
"version_value": "0:1.6.4-36.el7_9",
"version_affected": "!"
}
]
}
@ -30,37 +52,40 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2738",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"
"name": "https://access.redhat.com/security/cve/CVE-2022-2738"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:6119",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2738",
"url": "https://access.redhat.com/security/cve/CVE-2022-2738"
"name": "https://access.redhat.com/errata/RHSA-2022:6119"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification."
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,25 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2989",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Placement of User into Incorrect Group",
"cweId": "CWE-842"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "podman",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "no fixed version known"
"version_value": "8070020221026183352.489fc8e9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "1:1.27.0-2.el9",
"version_affected": "!"
},
{
"version_value": "2:4.2.0-7.el9_1",
"version_affected": "!"
}
]
}
@ -30,37 +67,61 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-842"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2121445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121445"
"name": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7822",
"refsource": "MISC",
"name": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
"name": "https://access.redhat.com/errata/RHSA-2022:7822"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8008",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8008"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8431",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8431"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2989",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2989"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121445",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2121445"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Steven Murdoch for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
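Review bot: The rewritten `affects` block for CVE-2022-2989 carries only `"version_affected": "!"` entries and drops `"product_name": "podman"`, so the record no longer names the affected component or states any affected range. In the 4.0 layout `!` is the "not affected" marker, so a scanner that matches on product name or on an affected range would, as far as the visible lines show, find nothing to match, and the two RHEL 9 version strings cannot be tied to a package from the record alone. I would keep a `"product_name": "podman"` entry next to the Red Hat products and express each fixed build as an upper bound, for example `"version_affected": "<"` with `"version_value": "2:4.2.0-7.el9_1"`, assuming that build is the podman fix. The CVE-2022-2990 (buildah) and CVE-2022-3259 (OpenShift) sections further down have the same shape.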


@ -1,25 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2990",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Placement of User into Incorrect Group",
"cweId": "CWE-842"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "buildah",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "no fixed version known"
"version_value": "8070020220929222448.39077419",
"version_affected": "!"
},
{
"version_value": "8070020221026183352.489fc8e9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "1:1.27.0-2.el9",
"version_affected": "!"
},
{
"version_value": "2:4.2.0-7.el9_1",
"version_affected": "!"
}
]
}
@ -30,37 +71,66 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-842"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
"refsource": "MISC",
"name": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
"name": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7822",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2121453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121453"
"name": "https://access.redhat.com/errata/RHSA-2022:7822"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8008",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8008"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8431",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8431"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7457",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7457"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2990",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2990"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121453",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2121453"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Steven Murdoch for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container."
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
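Review bot: The added `credits` entry uses `"lang": "en"` while the description and problemtype entries of the same record use `"lang": "eng"`, so one record now carries two language-code conventions. A consumer that selects text fields by `eng` could skip the credit line without any error. Writing `"lang": "eng"` in `credits` keeps the record uniform. The `credits` block in the CVE-2022-2989 section and the `credits` and `solution` blocks in the CVE-2022-34858 section show the same mismatch.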


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-02T11:48:00.000Z",
"ID": "CVE-2022-34858",
"STATE": "PUBLIC",
"TITLE": "WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OAuth 2.0 client for SSO (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.11.3",
"version_value": "1.11.3"
}
]
}
}
]
},
"vendor_name": "miniOrange"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-34858",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,93 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "miniOrange",
"product": {
"product_data": [
{
"product_name": "OAuth 2.0 client for SSO (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/oauth-client/wordpress-oauth-2-0-client-for-sso-plugin-1-11-3-authentication-bypass-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/oauth-client/wordpress-oauth-2-0-client-for-sso-plugin-1-11-3-authentication-bypass-vulnerability"
},
{
"name": "https://wordpress.org/plugins/oauth-client/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/oauth-client/#developers"
"url": "https://patchstack.com/database/vulnerability/oauth-client/wordpress-oauth-2-0-client-for-sso-plugin-1-11-3-authentication-bypass-vulnerability",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/oauth-client/wordpress-oauth-2-0-client-for-sso-plugin-1-11-3-authentication-bypass-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.11.4 or higher version."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update to 1.11.4 or higher version.</p>"
}
],
"value": "Update to 1.11.4 or higher version.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
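Review bot: The new `affects` entry for the miniOrange plugin reads `"version_value": "n/a"` with `"version_affected": "="`, which discards the `<= 1.11.3` range the previous record carried. The `solution` text in the same section still says to update to 1.11.4, so the version boundary now exists only in free text and in the reference URL, where automated matching cannot use it. I would restore `"version_affected": "<="` and `"version_value": "1.11.3"` in `version_data`. The loss is more costly here because the same section raises the score to 9.8 with `AV:N/AC:L/PR:N`, which is the kind of record that triage tooling is expected to match precisely.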


@ -1,25 +1,47 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3259",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2022-3259 OpenShift: Missing HTTP Strict Transport Security"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Initialization",
"cweId": "CWE-665"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenShift",
"product_name": "Red Hat OpenShift Container Platform 4.12",
"version": {
"version_data": [
{
"version_value": "4.9.0"
"version_value": "0:4.12.0-202301042257.p0.g77bec7a.assembly.stream.el8",
"version_affected": "!"
}
]
}
@ -30,32 +52,40 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:7398",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2103220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103220"
"name": "https://access.redhat.com/errata/RHSA-2022:7398"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3259",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-3259"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103220",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2103220"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks."
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
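Review bot: The description now placed at the top of the CVE-2022-3259 record is only a title, `"CVE-2022-3259 OpenShift: Missing HTTP Strict Transport Security"`, and the sentence that stated the consequence is gone. As rendered, the previous value was `"Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks."`, which gave a reader both the affected release line and the risk. I would keep that sentence as the `value`. With `"version_value": "4.9.0"` also replaced by a single `!` entry for a 4.12 build, nothing else in the record says that 4.9 is affected.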


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}