admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 21:01:15 +00:00
parent 3a363d3f8c
commit 4a7ce04cbe
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
37 changed files with 5156 additions and 1581 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

183
2015/7xxx/CVE-2015-7713.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7713",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made."
"value": "A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances."
}
]
},
@ -44,43 +21,155 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-16.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-9.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-42.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.2-7.el7ost",
"version_affected": "!"
},
{
"version_value": "1:2.23.0-2.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "76960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76960"
"url": "https://access.redhat.com/errata/RHSA-2016:0017",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0017"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1491307",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1491307"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2684.html"
},
{
"name": "RHSA-2015:2673",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2673"
"url": "http://www.securityfocus.com/bid/76960",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76960"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1492961",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1492961"
"url": "https://access.redhat.com/errata/RHSA-2015:2673",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2673"
},
{
"name": "RHSA-2015:2684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2684",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2684"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2015-021.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2015-021.html"
"url": "https://access.redhat.com/errata/RHSA-2016:0013",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0013"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7713",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7713"
},
{
"url": "https://bugs.launchpad.net/nova/+bug/1491307",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/1491307"
},
{
"url": "https://bugs.launchpad.net/nova/+bug/1492961",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/1492961"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2015-021.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2015-021.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
]
}

225
2015/8xxx/CVE-2015-8817.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-8817",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS."
"value": "An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service)."
}
]
},
@ -44,68 +21,192 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2671",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "RHSA-2016:2706",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"name": "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "RHSA-2016:2705",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[qemu-stable] 20160127 [PATCH for v2.3.1] exec: Respect as_translate_internal length clamp",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
},
{
"name": "RHSA-2016:2670",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
},
{
"name": "RHSA-2016:2704",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
"url": "https://access.redhat.com/errata/RHSA-2016:2670",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2670"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
"url": "https://access.redhat.com/errata/RHSA-2016:2671",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2671"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2704",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2704"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2705",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2705"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2706",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2706"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-8817",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-8817"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}

213
2015/8xxx/CVE-2015-8818.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-8818",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors."
"value": "An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service)."
}
]
},
@ -44,58 +21,182 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2671",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "RHSA-2016:2706",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"name": "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "RHSA-2016:2705",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
},
{
"name": "RHSA-2016:2670",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63"
"url": "https://access.redhat.com/errata/RHSA-2016:2670",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2670"
},
{
"name": "RHSA-2016:2704",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
"url": "https://access.redhat.com/errata/RHSA-2016:2671",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2671"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2704",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2704"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2705",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2705"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2706",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2706"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-8818",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-8818"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}

202
2015/8xxx/CVE-2015-8970.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-8970",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c."
"value": "The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key."
}
]
},
@ -44,68 +21,169 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.28.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.231.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2437"
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2"
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f"
},
{
"name": "RHSA-2017:2444",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2444"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/04/3"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
"url": "http://www.securityfocus.com/bid/94217",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94217"
},
{
"name": "https://github.com/torvalds/linux/commit/dd504589577d8e8e70f51f997ad487a4cb6c026f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/dd504589577d8e8e70f51f997ad487a4cb6c026f"
"url": "https://access.redhat.com/errata/RHSA-2017:2437",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2437"
},
{
"name": "[oss-security] 20161104 Re: CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/3"
"url": "https://access.redhat.com/errata/RHSA-2017:2444",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2444"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1386286",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386286"
"url": "https://access.redhat.com/security/cve/CVE-2015-8970",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-8970"
},
{
"name": "94217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94217"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386286",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1386286"
},
{
"name": "https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ"
"url": "https://github.com/torvalds/linux/commit/dd504589577d8e8e70f51f997ad487a4cb6c026f",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/dd504589577d8e8e70f51f997ad487a4cb6c026f"
},
{
"url": "https://groups.google.com/forum/#%21msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#%21msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

402
2016/0xxx/CVE-2016-0718.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0718",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow."
"value": "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application."
}
]
},
@ -44,163 +21,240 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.0.1-13.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.0-10.el7_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2824",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2824.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "1037705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037705"
},
{
"name": "1036415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036415"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "USN-2983-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2983-1"
},
{
"name": "openSUSE-SU-2016:1523",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html"
},
{
"name": "http://support.eset.com/ca6333/",
"refsource": "CONFIRM",
"url": "http://support.eset.com/ca6333/"
},
{
"name": "90729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90729"
},
{
"name": "USN-3044-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name": "[oss-security] 20160517 CVE-2016-0718: Expat XML Parser Crashes on Malformed Input",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/12"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1508",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236923",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236923"
},
{
"name": "20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/68"
},
{
"name": "GLSA-201701-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "DSA-3582",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3582"
},
{
"name": "SUSE-SU-2016:1512",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html"
},
{
"name": "openSUSE-SU-2016:1964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "1036348",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036348"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "openSUSE-SU-2016:1441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html"
},
{
"name": "openSUSE-SU-2016:2026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
},
{
"name": "http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"url": "http://www.securitytracker.com/id/1036348",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036348"
},
{
"url": "https://support.apple.com/HT206903",
"refsource": "MISC",
"name": "https://support.apple.com/HT206903"
},
{
"url": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"url": "https://security.gentoo.org/glsa/201701-21",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-21"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
},
{
"url": "http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2824.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2824.html"
},
{
"url": "http://seclists.org/fulldisclosure/2017/Feb/68",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Feb/68"
},
{
"url": "http://support.eset.com/ca6333/",
"refsource": "MISC",
"name": "http://support.eset.com/ca6333/"
},
{
"url": "http://www.debian.org/security/2016/dsa-3582",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3582"
},
{
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html",
"refsource": "MISC",
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-68.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/12",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/17/12"
},
{
"url": "http://www.securityfocus.com/bid/90729",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90729"
},
{
"url": "http://www.securitytracker.com/id/1036415",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036415"
},
{
"url": "http://www.securitytracker.com/id/1037705",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037705"
},
{
"url": "http://www.ubuntu.com/usn/USN-2983-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2983-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-3044-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2824",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2824"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:2486",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-0718",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0718"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236923",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236923"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
"refsource": "MISC",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"
},
{
"url": "https://www.tenable.com/security/tns-2016-20",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2016-20"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Gustavo Grieco for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

149
2016/0xxx/CVE-2016-0721.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0721",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in pcsd in pcs before 0.9.157."
"value": "It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd."
}
]
},
@ -44,53 +21,119 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.9.152-10.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774",
"refsource": "CONFIRM",
"url": "https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1299615",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299615"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html"
},
{
"name": "https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b",
"refsource": "CONFIRM",
"url": "https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2596.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2596.html"
},
{
"name": "FEDORA-2016-cdd4228cc7",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html"
"url": "https://access.redhat.com/errata/RHSA-2016:2596",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2596"
},
{
"name": "97977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97977"
"url": "http://www.securityfocus.com/bid/97977",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97977"
},
{
"name": "RHSA-2016:2596",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2596.html"
"url": "https://access.redhat.com/security/cve/CVE-2016-0721",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0721"
},
{
"name": "https://github.com/ClusterLabs/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17",
"refsource": "CONFIRM",
"url": "https://github.com/ClusterLabs/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299615",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1299615"
},
{
"name": "FEDORA-2016-3b20c4ec9d",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html"
"url": "https://github.com/ClusterLabs/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17",
"refsource": "MISC",
"name": "https://github.com/ClusterLabs/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17"
},
{
"url": "https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774",
"refsource": "MISC",
"name": "https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774"
},
{
"url": "https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b",
"refsource": "MISC",
"name": "https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Martin Prpic (Red Hat Product Security)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

160
2016/0xxx/CVE-2016-0749.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0749",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow."
"value": "A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process."
}
]
},
@ -44,53 +21,130 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.12.4-13.el6.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.12.4-15.el7_2.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201606-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-05"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "https://security.gentoo.org/glsa/201606-05",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201606-05"
},
{
"name": "openSUSE-SU-2016:1725",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html"
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html"
},
{
"name": "USN-3014-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3014-1"
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html"
},
{
"name": "openSUSE-SU-2016:1726",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html"
"url": "http://www.debian.org/security/2016/dsa-3596",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3596"
},
{
"name": "RHSA-2016:1205",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1205"
"url": "http://www.ubuntu.com/usn/USN-3014-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3014-1"
},
{
"name": "DSA-3596",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3596"
"url": "https://access.redhat.com/errata/RHSA-2016:1204",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1204"
},
{
"name": "RHSA-2016:1204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1204"
"url": "https://access.redhat.com/errata/RHSA-2016:1205",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1205"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-0749",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0749"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300646",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300646"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jing Zhao (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

172
2016/0xxx/CVE-2016-0757.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0757",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image."
"value": "An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected."
}
]
},
@ -44,28 +21,147 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-5.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-5.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-4.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.2-2.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0309",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0309.html"
},
{
"name": "82696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82696"
"url": "http://www.securityfocus.com/bid/82696",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/82696"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2016-006.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2016-006.html"
"url": "https://access.redhat.com/errata/RHSA-2016:0309",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0309"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0352",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0352"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0354",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0354"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0358",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0358"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-0757",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0757"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302607",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302607"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2016-006.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2016-006.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the Openstack project for reporting this issue. Upstream acknowledges Erno Kuvaja (HPE) as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}

324
2016/0xxx/CVE-2016-0758.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0758",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data."
"value": "A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system."
}
]
},
@ -44,178 +21,269 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.18.2.rt56.223.el7_2",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-327.18.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-327.rt56.183.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2979-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2979-4"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:2010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "SUSE-SU-2016:2011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:2003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
},
{
"name": "SUSE-SU-2016:1994",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "RHSA-2016:1055",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1055.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:1961",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "SUSE-SU-2016:2001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
},
{
"name": "SUSE-SU-2016:2006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160513 CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/9"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:2014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "RHSA-2016:1033",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1033.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300257",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300257"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "RHSA-2016:1051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1051.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "SUSE-SU-2016:2009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1033.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1033.html"
},
{
"name": "SUSE-SU-2016:2005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1051.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1051.html"
},
{
"name": "SUSE-SU-2016:2007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1055.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1055.html"
},
{
"name": "90626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90626"
"url": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "MISC",
"name": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "SUSE-SU-2016:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/12/9"
},
{
"name": "SUSE-SU-2016:1995",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
"url": "http://www.securityfocus.com/bid/90626",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90626"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
"url": "http://www.ubuntu.com/usn/USN-2979-4",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2979-4"
},
{
"name": "SUSE-SU-2016:2002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
"url": "https://access.redhat.com/errata/RHSA-2016:1033",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1033"
},
{
"name": "HPSBHF3548",
"refsource": "HP",
"url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555"
"url": "https://access.redhat.com/errata/RHSA-2016:1051",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1051"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
"url": "https://access.redhat.com/errata/RHSA-2016:1055",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1055"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-0758",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0758"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300257",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300257"
},
{
"url": "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
},
{
"url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555",
"refsource": "MISC",
"name": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Philip Pettersson (Samsung) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

178
2016/0xxx/CVE-2016-0794.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0794",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document."
"value": "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
}
]
},
@ -44,68 +21,145 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "1:5.0.6.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.12.1-1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1415",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html"
},
{
"name": "openSUSE-SU-2016:1805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html"
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html"
},
{
"name": "20160217 Multiple Vendor LibreOffice Writer Lotus Word Pro Bullet Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1222"
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html"
},
{
"name": "FEDORA-2016-962c0d156d",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2579.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2579.html"
},
{
"name": "20160217 Multiple Vendor LibreOffice Writer Lotus Word Pro 'ReadRootData' Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1220"
"url": "http://www.debian.org/security/2016/dsa-3482",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3482"
},
{
"name": "1035022",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035022"
"url": "http://www.securitytracker.com/id/1035022",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035022"
},
{
"name": "RHSA-2016:2579",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2579.html"
"url": "http://www.ubuntu.com/usn/USN-2899-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2899-1"
},
{
"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/",
"refsource": "CONFIRM",
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/"
"url": "https://access.redhat.com/errata/RHSA-2016:2579",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2579"
},
{
"name": "20160217 Multiple Vendor LibreOffice Writer Lotus Word Pro TabRack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1221"
"url": "https://access.redhat.com/security/cve/CVE-2016-0794",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0794"
},
{
"name": "DSA-3482",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3482"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609"
},
{
"name": "USN-2899-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2899-1"
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/",
"refsource": "MISC",
"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/"
},
{
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1220",
"refsource": "MISC",
"name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1220"
},
{
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1221",
"refsource": "MISC",
"name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1221"
},
{
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1222",
"refsource": "MISC",
"name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1222"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

166
2016/0xxx/CVE-2016-0795.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0795",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document."
"value": "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
}
]
},
@ -44,58 +21,135 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "1:5.0.6.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.12.1-1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "20160217 Multiple Vendor LibreOffice Writer Lotus Word Pro 'TocSuperLayout' Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1223"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html"
},
{
"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/",
"refsource": "CONFIRM",
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/"
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html"
},
{
"name": "openSUSE-SU-2016:1415",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html"
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html"
},
{
"name": "openSUSE-SU-2016:1805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2579.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2579.html"
},
{
"name": "FEDORA-2016-962c0d156d",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html"
"url": "http://www.debian.org/security/2016/dsa-3482",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3482"
},
{
"name": "1035022",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035022"
"url": "http://www.securitytracker.com/id/1035022",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035022"
},
{
"name": "RHSA-2016:2579",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2579.html"
"url": "http://www.ubuntu.com/usn/USN-2899-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2899-1"
},
{
"name": "DSA-3482",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3482"
"url": "https://access.redhat.com/errata/RHSA-2016:2579",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2579"
},
{
"name": "USN-2899-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2899-1"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-0795",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0795"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/",
"refsource": "MISC",
"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/"
},
{
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1223",
"refsource": "MISC",
"name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1223"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

170
2018/10xxx/CVE-2018-10877.json
View File

@ -1,126 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10877",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image."
"value": "A flaw was found in the Linux kernel ext4 filesystem. An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877"
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "USN-3753-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3753-2/"
"url": "http://www.securityfocus.com/bid/106503",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106503"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3871-5",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-5/"
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "USN-3871-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-4/"
"url": "https://usn.ubuntu.com/3871-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-1/"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"url": "https://usn.ubuntu.com/3871-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-3/"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
"url": "https://usn.ubuntu.com/3871-4/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-4/"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
"url": "https://usn.ubuntu.com/3871-5/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-5/"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
"url": "https://usn.ubuntu.com/3753-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3753-1/"
},
{
"name": "USN-3753-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3753-1/"
"url": "https://usn.ubuntu.com/3753-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3753-2/"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
"url": "http://www.securityfocus.com/bid/104878",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/104878"
},
{
"refsource": "BID",
"name": "104878",
"url": "http://www.securityfocus.com/bid/104878"
"url": "https://access.redhat.com/security/cve/CVE-2018-10877",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10877"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596795",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596795"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
}

147
2018/10xxx/CVE-2018-10893.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10893",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spice-client",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,57 +15,121 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"description": [
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"lang": "eng",
"value": "CWE-190"
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.26-8.el6_10.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.3.4-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.35-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.14.0-18.el7",
"version_affected": "!"
},
{
"version_value": "0:5.0-15.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893"
"url": "https://access.redhat.com/errata/RHSA-2019:2229",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2229"
},
{
"name": "[spice-devel] 20180703 [PATCH spice-common v3] lz: Avoid buffer reading overflow checking for image type",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html"
"url": "https://access.redhat.com/errata/RHSA-2020:0471",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0471"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2229",
"url": "https://access.redhat.com/errata/RHSA-2019:2229"
"url": "https://access.redhat.com/security/cve/CVE-2018-10893",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10893"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0471",
"url": "https://access.redhat.com/errata/RHSA-2020:0471"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598234",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1598234"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893"
},
{
"url": "https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html",
"refsource": "MISC",
"name": "https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Frediano Ziglio (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
]
}

188
2018/10xxx/CVE-2018-10897.json
View File

@ -1,111 +1,167 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10897",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yum-utils:",
"version": {
"version_data": [
{
"version_value": "1.1.31"
}
]
}
}
]
},
"vendor_name": "The RPM Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected."
"value": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
"value": "Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.1.30-42.el6_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.31-46.el7_5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.24-1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2-6.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20180828.2.el7_5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1041594",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041594"
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "MISC",
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:2285",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2285"
"url": "http://www.securitytracker.com/id/1041594",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1041594"
},
{
"name": "RHSA-2018:2284",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2284"
"url": "https://access.redhat.com/errata/RHSA-2018:2284",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2284"
},
{
"name": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
"url": "https://access.redhat.com/errata/RHSA-2018:2285",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2285"
},
{
"name": "RHSA-2018:2626",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2626"
"url": "https://access.redhat.com/errata/RHSA-2018:2626",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2626"
},
{
"name": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
"url": "https://access.redhat.com/security/cve/CVE-2018-10897",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10897"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600221",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1600221"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
},
{
"name": "https://github.com/rpm-software-management/yum-utils/pull/43",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/yum-utils/pull/43"
"url": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c",
"refsource": "MISC",
"name": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
},
{
"url": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c",
"refsource": "MISC",
"name": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
},
{
"url": "https://github.com/rpm-software-management/yum-utils/pull/43",
"refsource": "MISC",
"name": "https://github.com/rpm-software-management/yum-utils/pull/43"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Aaron Levy (Clover Network) and Jay Grizzard (Clover Network) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

156
2018/10xxx/CVE-2018-10931.json
View File

@ -1,86 +1,140 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10931",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cobbler",
"version": {
"version_data": [
{
"version_value": "2.6.x"
}
]
}
}
]
},
"vendor_name": "The Cobbler Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon."
"value": "An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749"
"value": "Exposed Dangerous Method or Function",
"cweId": "CWE-749"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.6",
"version": {
"version_data": [
{
"version_value": "0:2.0.7-44.1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.7",
"version": {
"version_data": [
{
"version_value": "0:2.0.7-68.1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.8",
"version": {
"version_data": [
{
"version_value": "0:2.0.7-73.el6sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931"
"url": "https://access.redhat.com/errata/RHSA-2018:2372",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2372"
},
{
"name": "RHSA-2018:2372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2372"
"url": "https://access.redhat.com/security/cve/CVE-2018-10931",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10931"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-3cacfb34ad",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613861",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1613861"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-cd24f60a94",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "If SELinux is enabled, it might prevent some locations from accepting uploaded files from the attacker. This prevents some basic attacks allowing remote code execution, although it would not exclude all other possibilities."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Cedric Buissart (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

144
2018/10xxx/CVE-2018-10932.json
View File

@ -1,86 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10932",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lldptool",
"version": {
"version_data": [
{
"version_value": "1.0.1 and older"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal."
"value": "lldptool can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117"
"value": "Improper Output Neutralization for Logs",
"cweId": "CWE-117"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.1-5.git036e314.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:1.0.1-13.git036e314.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932"
"url": "https://access.redhat.com/errata/RHBA-2019:2339",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:2339"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1551623",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551623"
"url": "https://access.redhat.com/errata/RHSA-2019:3673",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3673"
},
{
"name": "https://github.com/intel/openlldp/pull/7",
"refsource": "CONFIRM",
"url": "https://github.com/intel/openlldp/pull/7"
"url": "https://access.redhat.com/security/cve/CVE-2018-10932",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10932"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3673",
"url": "https://access.redhat.com/errata/RHSA-2019:3673"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551623",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1551623"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614896",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1614896"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932"
},
{
"url": "https://github.com/intel/openlldp/pull/7",
"refsource": "MISC",
"name": "https://github.com/intel/openlldp/pull/7"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Aaron Conole (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
}

267
2018/1xxx/CVE-2018-1092.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1092",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_value": "Linux kernel through version 4.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image."
"value": "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic."
}
]
},
@ -44,113 +21,175 @@
"description": [
{
"lang": "eng",
"value": "NULL pointer dereference"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3676-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3676-1/"
},
{
"name": "USN-3678-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3678-2/"
},
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "http://openwall.com/lists/oss-security/2018/03/29/1",
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/03/29/1"
"name": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3678-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3678-1/"
},
{
"name": "USN-3677-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3677-1/"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199179",
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199179"
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3678-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3678-3/"
},
{
"name": "USN-3677-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3677-2/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777",
"url": "https://access.redhat.com/errata/RHSA-2018:3083",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777"
"name": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "USN-3676-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3676-2/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44",
"url": "https://access.redhat.com/errata/RHSA-2018:3096",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44"
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3678-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3678-4/"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199275",
"url": "http://openwall.com/lists/oss-security/2018/03/29/1",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199275"
"name": "http://openwall.com/lists/oss-security/2018/03/29/1"
},
{
"url": "https://usn.ubuntu.com/3676-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3676-1/"
},
{
"url": "https://usn.ubuntu.com/3676-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3676-2/"
},
{
"url": "https://www.debian.org/security/2018/dsa-4188",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4188"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1092",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1092"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199179",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199179"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199275",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199275"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"url": "https://usn.ubuntu.com/3677-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3677-1/"
},
{
"url": "https://usn.ubuntu.com/3677-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3677-2/"
},
{
"url": "https://usn.ubuntu.com/3678-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3678-1/"
},
{
"url": "https://usn.ubuntu.com/3678-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3678-2/"
},
{
"url": "https://usn.ubuntu.com/3678-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3678-3/"
},
{
"url": "https://usn.ubuntu.com/3678-4/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3678-4/"
},
{
"url": "https://www.debian.org/security/2018/dsa-4187",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4187"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Wen Xu for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

159
2018/1xxx/CVE-2018-1094.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1094",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_value": "Linux kernel through version 4.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image."
"value": "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image."
}
]
},
@ -44,63 +21,125 @@
"description": [
{
"lang": "eng",
"value": "NULL pointer dereference"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788",
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788"
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957",
"url": "https://access.redhat.com/errata/RHSA-2018:3083",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957"
"name": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "http://openwall.com/lists/oss-security/2018/03/29/1",
"url": "https://access.redhat.com/errata/RHSA-2018:3096",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/03/29/1"
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3695-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3695-1/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1",
"url": "http://openwall.com/lists/oss-security/2018/03/29/1",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1"
"name": "http://openwall.com/lists/oss-security/2018/03/29/1"
},
{
"name": "USN-3695-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3695-2/"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199183",
"url": "https://access.redhat.com/security/cve/CVE-2018-1094",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199183"
"name": "https://access.redhat.com/security/cve/CVE-2018-1094"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199183",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199183"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1"
},
{
"url": "https://usn.ubuntu.com/3695-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3695-1/"
},
{
"url": "https://usn.ubuntu.com/3695-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3695-2/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Wen Xu for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

135
2018/1xxx/CVE-2018-1095.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1095",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_value": "Linux kernel through version 4.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image."
"value": "The Linux kernel is vulnerable to an out-of-bound access bug in the fs/posix_acl.c:get_acl() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a system crash or other unspecified impact with a crafted ext4 image. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
}
]
},
@ -44,48 +21,102 @@
"description": [
{
"lang": "eng",
"value": "NULL pointer dereference"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401",
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401"
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "http://openwall.com/lists/oss-security/2018/03/29/1",
"url": "http://openwall.com/lists/oss-security/2018/03/29/1",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/03/29/1"
"name": "http://openwall.com/lists/oss-security/2018/03/29/1"
},
{
"name": "USN-3695-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3695-1/"
},
{
"name": "USN-3695-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3695-2/"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199185",
"url": "https://usn.ubuntu.com/3695-1/",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199185"
"name": "https://usn.ubuntu.com/3695-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793",
"url": "https://usn.ubuntu.com/3695-2/",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793"
"name": "https://usn.ubuntu.com/3695-2/"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1095",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1095"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199185",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199185"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Wen Xu for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
}

1228
2018/1xxx/CVE-2018-1097.json
View File

File diff suppressed because it is too large Load Diff

143
2018/1xxx/CVE-2018-1100.json
View File

@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-04-07T00:00:00",
"ID": "CVE-2018-1100",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zsh",
"version": {
"version_data": [
{
"version_value": "through 5.4.2"
}
]
}
}
]
},
"vendor_name": "zsh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user."
"value": "A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom \"you have new mail\" message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation."
}
]
},
@ -45,48 +21,113 @@
"description": [
{
"lang": "eng",
"value": "CWE-120->CWE-121"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:4.3.11-8.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:5.0.2-31.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/"
"url": "https://access.redhat.com/errata/RHSA-2018:3073",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "USN-3764-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3764-1/"
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
},
{
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
"url": "https://security.gentoo.org/glsa/201805-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "RHSA-2018:1932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
"url": "https://access.redhat.com/errata/RHSA-2018:1932",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395"
"url": "https://access.redhat.com/security/cve/CVE-2018-1100",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1100"
},
{
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
"url": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/"
},
{
"url": "https://usn.ubuntu.com/3764-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3764-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Richard Maciel Costa (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}

377
2018/1xxx/CVE-2018-1102.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-29T00:00:00",
"ID": "CVE-2018-1102",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "atomic-openshift",
"version": {
"version_data": [
{
"version_value": "as shipped with Openshift Enterprise 3.x"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,68 +21,345 @@
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"version": {
"version_data": [
{
"version_value": "0:3.2.1.34-2.git.3.aad33c3.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.1.46.39-2.git.3.cc57f5b.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.4",
"version": {
"version_data": [
{
"version_value": "0:3.4.1.44.53-1.git.0.d7eb028.el7",
"version_affected": "!"
},
{
"version_value": "0:3.4.168-1.git.0.bb73aad.el7",
"version_affected": "!"
},
{
"version_value": "0:0.12.14-9.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.5",
"version": {
"version_data": [
{
"version_value": "0:3.5.5.31.67-1.git.0.0a8cf24.el7",
"version_affected": "!"
},
{
"version_value": "0:3.5.165-1.git.0.475fa67.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.6",
"version": {
"version_data": [
{
"version_value": "0:3.6.173.0.113-1.git.0.65fb9fb.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.60.0-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.13.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.9.23-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.10.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.13.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.5-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2018.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.5-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.7",
"version": {
"version_data": [
{
"version_value": "0:1.0.6-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.7.44-1.git.0.6b061d4.el7",
"version_affected": "!"
},
{
"version_value": "0:1.14.0-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.8",
"version": {
"version_data": [
{
"version_value": "0:3.8.37-1.git.0.e85a326.el7",
"version_affected": "!"
},
{
"version_value": "0:3.8.37-1.git.224.8e15ecf.el7",
"version_affected": "!"
},
{
"version_value": "0:3.8.37-1.git.0.be319af.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.9",
"version": {
"version_data": [
{
"version_value": "0:3.9.25-1.git.0.6bc473e.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.1.11-4.git.3.12809c8.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1235",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1235"
"url": "https://access.redhat.com/errata/RHSA-2018:1227",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1227"
},
{
"name": "RHSA-2018:1241",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1241"
"url": "https://access.redhat.com/errata/RHSA-2018:1229",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1229"
},
{
"name": "RHSA-2018:1233",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1233"
"url": "https://access.redhat.com/errata/RHSA-2018:1231",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1231"
},
{
"name": "RHSA-2019:0036",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0036"
"url": "https://access.redhat.com/errata/RHSA-2018:1233",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1233"
},
{
"name": "RHSA-2018:1237",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1237"
"url": "https://access.redhat.com/errata/RHSA-2018:1235",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1235"
},
{
"name": "RHSA-2018:1227",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1227"
"url": "https://access.redhat.com/errata/RHSA-2018:1237",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1237"
},
{
"name": "RHSA-2018:1243",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1243"
"url": "https://access.redhat.com/errata/RHSA-2018:1239",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1239"
},
{
"name": "RHSA-2018:1231",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1231"
"url": "https://access.redhat.com/errata/RHSA-2018:1241",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1241"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
"url": "https://access.redhat.com/errata/RHSA-2018:1243",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1243"
},
{
"name": "RHSA-2018:1229",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1229"
"url": "https://access.redhat.com/errata/RHSA-2019:0036",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0036"
},
{
"name": "RHSA-2018:1239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1239"
"url": "https://access.redhat.com/security/cve/CVE-2018-1102",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1102"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/3422241",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/3422241"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.\n\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}

97
2022/36xxx/CVE-2022-36401.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet \u2013 For WooCommerce plugin <= 1.3.24 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "StandaloneTech",
"product": {
"product_data": [
{
"product_name": "TeraWallet \u2013 For WooCommerce",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/woo-wallet/wordpress-terawallet-for-woocommerce-plugin-1-3-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/woo-wallet/wordpress-terawallet-for-woocommerce-plugin-1-3-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.4.0 or higher version."
}
],
"value": "Update to\u00a01.4.0 or higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Muhammad Daffa (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

97
2022/40xxx/CVE-2022-40692.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WP Sunshine",
"product": {
"product_data": [
{
"product_name": "Sunshine Photo Cart",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.9.14 or higher version."
}
],
"value": "Update to\u00a02.9.14 or higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

84
2022/44xxx/CVE-2022-44585.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-44585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab S\u00e0rl Homepage Pop-up plugin <= 1.2.5 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Magneticlab S\u00e0rl",
"product": {
"product_data": [
{
"product_name": "Homepage Pop-up",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/homepage-pop-up/wordpress-homepage-popup-plugin-1-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/homepage-pop-up/wordpress-homepage-popup-plugin-1-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

97
2022/45xxx/CVE-2022-45067.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DevsCred",
"product": {
"product_data": [
{
"product_name": "Exclusive Addons for Elementor",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.6.2 or higher version."
}
],
"value": "Update to\u00a02.6.2 or higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Muhammad Daffa (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

97
2022/45xxx/CVE-2022-45807.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WPVibes",
"product": {
"product_data": [
{
"product_name": "WP Mail Log",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-mail-log/wordpress-wp-mail-log-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-mail-log/wordpress-wp-mail-log-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.0.2 or higher version."
}
],
"value": "Update to\u00a01.0.2 or higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

55
2022/46xxx/CVE-2022-46340.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order."
"value": "A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "stack overflow"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
@ -31,16 +32,20 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
}
]
}
@ -58,11 +63,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
@ -87,6 +87,39 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

55
2022/46xxx/CVE-2022-46342.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se"
"value": "A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "use-after-free"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
@ -31,16 +32,20 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
}
]
}
@ -53,11 +58,6 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46342",
"refsource": "MISC",
@ -82,6 +82,39 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

55
2022/46xxx/CVE-2022-46343.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
"value": "A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "use-after-free"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
@ -31,16 +32,20 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
}
]
}
@ -58,11 +63,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
@ -82,6 +82,39 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

55
2022/46xxx/CVE-2022-46344.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
"value": "A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "out-of-bounds access"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
@ -31,16 +32,20 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
}
]
}
@ -58,11 +63,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
@ -82,6 +82,39 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2022/46xxx/CVE-2022-46815.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lauri Karisola / WP Trio",
"product": {
"product_data": [
{
"product_name": "Conditional Shipping for WooCommerce",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/conditional-shipping-for-woocommerce/wordpress-conditional-shipping-for-woocommerce-plugin-2-3-1-cross-site-request-forgery-csrf?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/conditional-shipping-for-woocommerce/wordpress-conditional-shipping-for-woocommerce-plugin-2-3-1-cross-site-request-forgery-csrf?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.3.2 or higher version."
}
],
"value": "Update to\u00a02.3.2 or higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Cat (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

97
2022/46xxx/CVE-2022-46842.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46842",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JS Help Desk",
"product": {
"product_data": [
{
"product_name": "JS Help Desk",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.7.2 or a higher version."
}
],
"value": "Update to\u00a02.7.2 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Vlad Vector (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

62
2022/48xxx/CVE-2022-48140.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-48140",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-48140",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ChandlerChin/dedecms/blob/main/xss.docx",
"refsource": "MISC",
"name": "https://github.com/ChandlerChin/dedecms/blob/main/xss.docx"
}
]
}

79
2023/0xxx/CVE-2023-0253.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "devowl",
"product": {
"product_data": [
{
"product_name": "Real Media Library: Media Library Folder & File Manager",
"version": {
"version_data": [
{
"version_value": "*",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/real-media-library-lite/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/real-media-library-lite/"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e"
},
{
"url": "https://devowlio.gitbook.io/changelogs/wordpress-plugins/real-media-library",
"refsource": "MISC",
"name": "https://devowlio.gitbook.io/changelogs/wordpress-plugins/real-media-library"
}
]
},
"credits": [
{
"lang": "en",
"value": "Bipul Jaiswal"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

116
2023/0xxx/CVE-2023-0296.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0296",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift",
"version": {
"version_data": [
{
"version_value": "OpenShift 4.11"
"lang": "eng",
"value": "The Birthday attack against 64-bit block ciphers (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy. Therefore, this port might still be considered vulnerable to the same type of attack. The health checks on etcd grpc-proxy do not contain sensitive data, only metrics data. The potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,26 +21,103 @@
"description": [
{
"lang": "eng",
"value": "CWE-327"
"value": "Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.10",
"version": {
"version_data": [
{
"version_value": "v4.10.0-202301062005.p0.g2a91bf0.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.11",
"version": {
"version_data": [
{
"version_value": "v4.11.0-202301041324.p0.gc50e9aa.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.12",
"version": {
"version_data": [
{
"version_value": "v4.12.0-202212121125.p0.g89a451c.assembly.stream",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:7399",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2161287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161287"
"name": "https://access.redhat.com/errata/RHSA-2022:7399"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0069",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0069"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0241",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0241"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0296",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-0296"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161287",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2161287"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component."
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

112
2023/0xxx/CVE-2023-0576.json
View File

@ -1,17 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0576",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@yugabyte.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte DB allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte DB: v2.17.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"cweId": "CWE-915"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"cweId": "CWE-307"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "YugaByte, Inc.",
"product": {
"product_data": [
{
"product_name": "Yugabyte DB",
"version": {
"version_data": [
{
"version_value": "v2.17.0.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.yugabyte.com/",
"refsource": "MISC",
"name": "https://www.yugabyte.com/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PLAT-3195"
],
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed"
}
],
"value": "Fixed"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}