"-Synchronized-Data."

CVE Team 2023-02-02 15:01:13 +00:00
parent 5e307c1471
commit 4b3cfe2c06
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
39 changed files with 8553 additions and 3038 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-3847",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read."
"value": "CVE-2007-3847 httpd: out of bounds read"
}
]
},
@ -44,428 +21,588 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Certificate System 7.3",
"version": {
"version_data": [
{
"version_value": "0:1.6.5-1jpp_1rh",
"version_affected": "!"
},
{
"version_value": "0:1.2-2jpp_4rh",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1jpp_3rh",
"version_affected": "!"
},
{
"version_value": "0:1.0-2jpp_6rh",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-2jpp_8rh",
"version_affected": "!"
},
{
"version_value": "0:1.0-0.M4.1jpp_10rh",
"version_affected": "!"
},
{
"version_value": "0:2.0-3jpp_2rh",
"version_affected": "!"
},
{
"version_value": "0:1.2.12-1jpp_1rh",
"version_affected": "!"
},
{
"version_value": "1:3.0.1-1jpp_4rh",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-3.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-20.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-10.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-14.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-19.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-6.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-13.el4",
"version_affected": "!"
},
{
"version_value": "0:5.5.23-0jpp_4rh.16",
"version_affected": "!"
},
{
"version_value": "0:2.7.1-1jpp_1rh",
"version_affected": "!"
},
{
"version_value": "0:1.3.02-2jpp_1rh",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:2.0.46-70.ent",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.0.52-38.ent",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.2.3-11.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "28606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28606"
"url": "https://access.redhat.com/errata/RHSA-2010:0602",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"name": "RHSA-2008:0005",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
"url": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "MISC",
"name": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "ADV-2007-3955",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3955"
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "28922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28922"
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "oval:org.mitre.oval:def:10525",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525"
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "28749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28749"
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "PK52702",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702"
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "HPSBUX02273",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "26952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26952"
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "26993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26993"
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "SSA:2008-045-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748"
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "26636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26636"
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "27563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27563"
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "1018633",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018633"
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "27732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27732"
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "27209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27209"
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "RHSA-2007:0911",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c",
"refsource": "MLIST",
"url": "http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2"
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "26790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26790"
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[apache-httpd-dev] 20070801 Re: svn commit: r561616 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c",
"refsource": "MLIST",
"url": "http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2"
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
"url": "http://secunia.com/advisories/30430",
"refsource": "MISC",
"name": "http://secunia.com/advisories/30430"
},
{
"name": "SUSE-SA:2007:061",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
"refsource": "MISC",
"name": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "FEDORA-2007-2214",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
"url": "http://www.vupen.com/english/advisories/2008/1697",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "RHSA-2007:0747",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0747.html"
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "ADV-2007-3494",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3494"
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
"url": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "MISC",
"name": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1710",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1710"
"url": "http://secunia.com/advisories/29420",
"refsource": "MISC",
"name": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
"url": "http://www.vupen.com/english/advisories/2008/0924/references",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219",
"refsource": "MISC",
"name": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
},
{
"name": "MDKSA-2007:235",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:235"
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588",
"refsource": "MISC",
"name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
"url": "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource": "MISC",
"name": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm"
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html",
"refsource": "MISC",
"name": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
"url": "http://marc.info/?l=apache-cvs&m=118592992309395&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=apache-cvs&m=118592992309395&w=2"
},
{
"name": "28467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28467"
"url": "http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2"
},
{
"name": "ADV-2008-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0233"
"url": "http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2"
},
{
"name": "26722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26722"
"url": "http://secunia.com/advisories/26636",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26636"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html"
"url": "http://secunia.com/advisories/26722",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26722"
},
{
"name": "27971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27971"
"url": "http://secunia.com/advisories/26790",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26790"
},
{
"name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
"url": "http://secunia.com/advisories/26842",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26842"
},
{
"name": "27882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27882"
"url": "http://secunia.com/advisories/26952",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26952"
},
{
"name": "GLSA-200711-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
"url": "http://secunia.com/advisories/26993",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26993"
},
{
"name": "ADV-2007-3095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3095"
"url": "http://secunia.com/advisories/27209",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27209"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951"
"url": "http://secunia.com/advisories/27563",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27563"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
"url": "http://secunia.com/advisories/27593",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27593"
},
{
"name": "RHSA-2007:0746",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0746.html"
"url": "http://secunia.com/advisories/27732",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27732"
},
{
"name": "PK50469",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469"
"url": "http://secunia.com/advisories/27882",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27882"
},
{
"name": "FEDORA-2007-707",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
"url": "http://secunia.com/advisories/27971",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27971"
},
{
"name": "27593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27593"
"url": "http://secunia.com/advisories/28467",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28467"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
"url": "http://secunia.com/advisories/28606",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28606"
},
{
"name": "USN-575-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-575-1"
"url": "http://secunia.com/advisories/28749",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28749"
},
{
"name": "26842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26842"
"url": "http://secunia.com/advisories/28922",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28922"
},
{
"name": "ADV-2007-3283",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3283"
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"name": "ADV-2007-3020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3020"
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748",
"refsource": "MISC",
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748"
},
{
"name": "25489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25489"
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm",
"refsource": "MISC",
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm"
},
{
"name": "[apache-cvs] 20070801 svn commit: r561616 - in /httpd/httpd/trunk: CHANGES",
"refsource": "MLIST",
"url": "http://marc.info/?l=apache-cvs&m=118592992309395&w=2"
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951",
"refsource": "MISC",
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=186219",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469",
"refsource": "MISC",
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469"
},
{
"name": "SSRT071476",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588"
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702",
"refsource": "MISC",
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html",
"refsource": "MISC",
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:235",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:235"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html",
"refsource": "MISC",
"name": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html",
"refsource": "MISC",
"name": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0746.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0746.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0747.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0747.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/",
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.securityfocus.com/bid/25489",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/25489"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.securitytracker.com/id?1018633",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1018633"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.ubuntu.com/usn/usn-575-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.vupen.com/english/advisories/2007/3020",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3020"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.vupen.com/english/advisories/2007/3095",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3095"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.vupen.com/english/advisories/2007/3283",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3283"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.vupen.com/english/advisories/2007/3494",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3494"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.vupen.com/english/advisories/2007/3955",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3955"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
"url": "http://www.vupen.com/english/advisories/2008/0233",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/0233"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2007:0746",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0746"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2007:0747",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0747"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2007:0911",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0911"
},
{
"url": "https://access.redhat.com/errata/RHSA-2008:0005",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0005"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2007-3847",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2007-3847"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"url": "https://issues.rpath.com/browse/RPL-1710",
"refsource": "MISC",
"name": "https://issues.rpath.com/browse/RPL-1710"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
}
]
}
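Review bot: The `description_data` entry in the first hunk appears to end up with only `"value": "CVE-2007-3847 httpd: out of bounds read"`, which drops the affected file (modules/proxy/proxy_util.c), the threaded-MPM precondition and the denial-of-service impact stated in the longer `value` line printed just before it. The +/- markers are lost on this page, so which line is the new side is inferred from the `-1,40 +1,17` header; if that reading is right, the fuller sentence beginning `The date handling code in modules/proxy/proxy_util.c (mod_proxy) ...` should stay as the description. In the second hunk the references appear to be rewritten to `"refsource": "MISC"` with the URL repeated as `name`, which loses the typed advisory identifiers (for example `RHSA-2008:0005`, `USN-575-1`, `GLSA-200711-06`) that downstream tooling matches on. Every added `version_data` entry carries `"version_affected": "!"`, which in the CVE JSON 4.0 format marks the listed build as not affected, so a consumer that reads only `version_value` would report the fixed packages as vulnerable. That convention is worth documenting for consumers of these records.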


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-4137",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable."
"value": "CVE-2007-4137 QT off by one buffer overflow"
}
]
},
@ -44,193 +21,261 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Off-by-one Error",
"cweId": "CWE-193"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 2.1",
"version": {
"version_data": [
{
"version_value": "1:2.3.1-14.EL2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "1:3.1.2-17.RHEL3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "1:3.3.3-13.RHEL4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "1:3.3.6-23.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=192472",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=192472"
},
{
"name": "MDKSA-2007:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:183"
},
{
"name": "SUSE-SR:2007:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"
},
{
"name": "26868",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26868"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm"
},
{
"name": "https://issues.rpath.com/browse/RPL-1751",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1751"
},
{
"name": "26811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26811"
},
{
"name": "oval:org.mitre.oval:def:11159",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159"
},
{
"name": "27053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27053"
},
{
"name": "27996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27996"
},
{
"name": "27275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27275"
},
{
"name": "27382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27382"
},
{
"name": "26857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26857"
},
{
"name": "http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119",
"refsource": "CONFIRM",
"url": "http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119"
},
{
"name": "26778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26778"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=269001",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=269001"
"name": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc"
},
{
"name": "26882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26882"
},
{
"name": "26987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26987"
},
{
"name": "GLSA-200710-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-28.xml"
},
{
"name": "ADV-2007-3144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3144"
},
{
"name": "20070901-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc"
},
{
"name": "http://dist.trolltech.com/developer/download/175791_4.diff",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=192472",
"refsource": "MISC",
"url": "http://dist.trolltech.com/developer/download/175791_4.diff"
"name": "http://bugs.gentoo.org/show_bug.cgi?id=192472"
},
{
"name": "39384",
"refsource": "OSVDB",
"url": "http://osvdb.org/39384"
},
{
"name": "26804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26804"
},
{
"name": "26782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26782"
},
{
"name": "http://dist.trolltech.com/developer/download/175791_3.diff",
"url": "http://dist.trolltech.com/developer/download/175791_3.diff",
"refsource": "MISC",
"url": "http://dist.trolltech.com/developer/download/175791_3.diff"
"name": "http://dist.trolltech.com/developer/download/175791_3.diff"
},
{
"name": "FEDORA-2007-703",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml"
"url": "http://dist.trolltech.com/developer/download/175791_4.diff",
"refsource": "MISC",
"name": "http://dist.trolltech.com/developer/download/175791_4.diff"
},
{
"name": "FEDORA-2007-2216",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-221.shtml"
"url": "http://fedoranews.org/updates/FEDORA-2007-221.shtml",
"refsource": "MISC",
"name": "http://fedoranews.org/updates/FEDORA-2007-221.shtml"
},
{
"name": "GLSA-200712-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-08.xml"
"url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml",
"refsource": "MISC",
"name": "http://fedoranews.org/updates/FEDORA-2007-703.shtml"
},
{
"name": "28021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28021"
"url": "http://osvdb.org/39384",
"refsource": "MISC",
"name": "http://osvdb.org/39384"
},
{
"name": "RHSA-2007:0883",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html"
"url": "http://secunia.com/advisories/26778",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26778"
},
{
"name": "1018688",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018688"
"url": "http://secunia.com/advisories/26782",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26782"
},
{
"name": "20071004 FLEA-2007-0059-1 qt qt-tools",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481498/100/0/threaded"
"url": "http://secunia.com/advisories/26804",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26804"
},
{
"name": "USN-513-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-513-1"
"url": "http://secunia.com/advisories/26811",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26811"
},
{
"name": "25657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25657"
"url": "http://secunia.com/advisories/26857",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26857"
},
{
"name": "DSA-1426",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1426"
"url": "http://secunia.com/advisories/26868",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26868"
},
{
"url": "http://secunia.com/advisories/26882",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26882"
},
{
"url": "http://secunia.com/advisories/26987",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26987"
},
{
"url": "http://secunia.com/advisories/27053",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27053"
},
{
"url": "http://secunia.com/advisories/27275",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27275"
},
{
"url": "http://secunia.com/advisories/27382",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27382"
},
{
"url": "http://secunia.com/advisories/27996",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27996"
},
{
"url": "http://secunia.com/advisories/28021",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28021"
},
{
"url": "http://security.gentoo.org/glsa/glsa-200710-28.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-200710-28.xml"
},
{
"url": "http://security.gentoo.org/glsa/glsa-200712-08.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-200712-08.xml"
},
{
"url": "http://securitytracker.com/id?1018688",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1018688"
},
{
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm",
"refsource": "MISC",
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm"
},
{
"url": "http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119",
"refsource": "MISC",
"name": "http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119"
},
{
"url": "http://www.debian.org/security/2007/dsa-1426",
"refsource": "MISC",
"name": "http://www.debian.org/security/2007/dsa-1426"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:183",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:183"
},
{
"url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html",
"refsource": "MISC",
"name": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0883.html"
},
{
"url": "http://www.securityfocus.com/archive/1/481498/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/481498/100/0/threaded"
},
{
"url": "http://www.securityfocus.com/bid/25657",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/25657"
},
{
"url": "http://www.ubuntu.com/usn/usn-513-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-513-1"
},
{
"url": "http://www.vupen.com/english/advisories/2007/3144",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3144"
},
{
"url": "https://access.redhat.com/errata/RHSA-2007:0883",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0883"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2007-4137",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2007-4137"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=269001",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=269001"
},
{
"url": "https://issues.rpath.com/browse/RPL-1751",
"refsource": "MISC",
"name": "https://issues.rpath.com/browse/RPL-1751"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159"
}
]
}
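Review bot: The `description_data` value is cut down from a full vulnerability statement to a tracker title, `"CVE-2007-4137 QT off by one buffer overflow"`, assuming the second of the two `value` lines is the new side, as the print order suggests. The record then no longer names the affected function, the Qt 3 scope, the denial-of-service impact or the note that the Qt 4 variant is not exploitable. Consumers that triage or match on the description text lose that detail. I would keep the original sentence as the `value` and carry the short title elsewhere, if the format has a field for it. The same substitution appears in the CVE-2007-4997 and CVE-2007-5961 sections and in the visible start of the CVE-2010-3864 section.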


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-4997",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an \"off-by-two error.\""
"value": "CVE-2007-4997 kernel ieee80211 off-by-two integer underflow"
}
]
},
@ -44,163 +21,219 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.6.9-67.0.1.EL",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-53.1.4.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "28162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28162"
},
{
"name": "RHSA-2007:1104",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1104.html"
},
{
"name": "28806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28806"
},
{
"name": "28706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28706"
},
{
"name": "kernel-ieee80211-dos(38247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38247"
},
{
"name": "MDKSA-2007:226",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:226"
},
{
"name": "27824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27824"
},
{
"name": "26337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26337"
},
{
"name": "MDVSA-2008:008",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:008"
},
{
"name": "SUSE-SA:2007:059",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_59_kernel.html"
},
{
"name": "DSA-1428",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1428"
},
{
"name": "27912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27912"
},
{
"name": "28033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28033"
},
{
"name": "RHSA-2007:0993",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0993.html"
},
{
"name": "oval:org.mitre.oval:def:10596",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10596"
},
{
"name": "USN-558-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-558-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23"
},
{
"name": "MDVSA-2008:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
},
{
"name": "SUSE-SA:2007:064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html"
},
{
"name": "SUSE-SA:2008:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name": "USN-574-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-574-1"
},
{
"name": "27555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27555"
},
{
"name": "28971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28971"
},
{
"name": "28170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28170"
},
{
"name": "MDKSA-2007:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:232"
},
{
"name": "27614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27614"
},
{
"name": "ADV-2007-3718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3718"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=04045f98e0457aba7d4e6736f37eed189c48a5f7",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23",
"refsource": "MISC",
"url": "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=04045f98e0457aba7d4e6736f37eed189c48a5f7"
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23"
},
{
"name": "USN-578-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-578-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name": "ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeLog-2.6.16.57-rc1",
"refsource": "CONFIRM",
"url": "ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeLog-2.6.16.57-rc1"
"url": "http://secunia.com/advisories/28806",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28806"
},
{
"url": "http://secunia.com/advisories/28706",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28706"
},
{
"url": "http://www.ubuntu.com/usn/usn-574-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-574-1"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html"
},
{
"url": "http://secunia.com/advisories/27912",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27912"
},
{
"url": "ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeLog-2.6.16.57-rc1",
"refsource": "MISC",
"name": "ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeLog-2.6.16.57-rc1"
},
{
"url": "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git%3Ba=commitdiff%3Bh=04045f98e0457aba7d4e6736f37eed189c48a5f7",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git%3Ba=commitdiff%3Bh=04045f98e0457aba7d4e6736f37eed189c48a5f7"
},
{
"url": "http://secunia.com/advisories/27555",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27555"
},
{
"url": "http://secunia.com/advisories/27614",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27614"
},
{
"url": "http://secunia.com/advisories/27824",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27824"
},
{
"url": "http://secunia.com/advisories/28033",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28033"
},
{
"url": "http://secunia.com/advisories/28162",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28162"
},
{
"url": "http://secunia.com/advisories/28170",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28170"
},
{
"url": "http://secunia.com/advisories/28971",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28971"
},
{
"url": "http://www.debian.org/security/2007/dsa-1428",
"refsource": "MISC",
"name": "http://www.debian.org/security/2007/dsa-1428"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:226",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:226"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:232",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:232"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:008",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:008"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
},
{
"url": "http://www.novell.com/linux/security/advisories/2007_59_kernel.html",
"refsource": "MISC",
"name": "http://www.novell.com/linux/security/advisories/2007_59_kernel.html"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2007-0993.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0993.html"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2007-1104.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-1104.html"
},
{
"url": "http://www.securityfocus.com/bid/26337",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/26337"
},
{
"url": "http://www.ubuntu.com/usn/usn-558-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-558-1"
},
{
"url": "http://www.ubuntu.com/usn/usn-578-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-578-1"
},
{
"url": "http://www.vupen.com/english/advisories/2007/3718",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3718"
},
{
"url": "https://access.redhat.com/errata/RHSA-2007:0993",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0993"
},
{
"url": "https://access.redhat.com/errata/RHSA-2007:1104",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:1104"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2007-4997",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2007-4997"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=346341",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=346341"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38247",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38247"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10596",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10596"
}
]
}
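Review bot: The `problemtype` entry classifies this record as `"cweId": "CWE-190"` (Integer Overflow or Wraparound), while both description lines in the section call the flaw an integer underflow. CWE-191, Integer Underflow (Wrap or Wraparound), looks like the closer fit, e.g. `"value": "Integer Underflow (Wrap or Wraparound)", "cweId": "CWE-191"`. Tools that group or prioritise by CWE would otherwise file this with overflow bugs. The mapping may be deliberate on the assigner's side, so confirm before changing it.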


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-5961",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
"value": "CVE-2007-5961 RHN XSS flaw"
}
]
},
@ -44,38 +21,109 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Network Satellite Server v 5.0",
"version": {
"version_data": [
{
"version_value": "0:2.0s10-3.38.rhn",
"version_affected": "!"
},
{
"version_value": "0:1.4.2.10-1jpp.2.el4",
"version_affected": "!"
},
{
"version_value": "0:0.9.20-3.rhn",
"version_affected": "!"
},
{
"version_value": "0:2.1.30-11.RHEL4.6",
"version_affected": "!"
},
{
"version_value": "0:2.24-1.el4",
"version_affected": "!"
},
{
"version_value": "0:1.3.27-36.rhn.rhel4",
"version_affected": "!"
},
{
"version_value": "0:1.2.23-2rhn.rhel4",
"version_affected": "!"
},
{
"version_value": "0:1.29-16.rhel4",
"version_affected": "!"
},
{
"version_value": "0:2.8.12-8.rhn.10.rhel4",
"version_affected": "!"
},
{
"version_value": "0:5.0.30-0jpp_10rh",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1020051",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020051"
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=396641",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641"
"url": "https://access.redhat.com/errata/RHSA-2008:0261",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0261"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
"url": "http://osvdb.org/45765",
"refsource": "MISC",
"name": "http://osvdb.org/45765"
},
{
"name": "45765",
"refsource": "OSVDB",
"url": "http://osvdb.org/45765"
"url": "http://www.securitytracker.com/id?1020051",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1020051"
},
{
"name": "redhat-network-channelsearch-xss(42559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42559"
"url": "https://access.redhat.com/security/cve/CVE-2007-5961",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2007-5961"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=396641"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42559",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42559"
}
]
}
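Review bot: The ten `version_data` entries under `"Red Hat Network Satellite Server v 5.0"` carry only epoch:version-release strings such as `"0:2.0s10-3.38.rhn"` and `"0:5.0.30-0jpp_10rh"`, with no package name, so a consumer cannot tell which component each value refers to. Every entry also uses `"version_affected": "!"`, which I read as marking the value as not affected (presumably the fixed build). On its own that gives no affected range to match against. I would name the package with each value, for instance one `product_data` entry per package, so the data can be used for automated matching.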


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3864",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography."
"value": "CVE-2010-3864 OpenSSL TLS extension parsing race condition"
}
]
},
@ -44,228 +21,268 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.0.0-4.el6_0.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-17827",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html"
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "HPSBGN02740",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132828103218869&w=2"
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "SSA:2010-326-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793"
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
"url": "http://support.apple.com/kb/HT4723",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4723"
},
{
"name": "ADV-2010-3041",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3041"
"url": "http://secunia.com/advisories/57353",
"refsource": "MISC",
"name": "http://secunia.com/advisories/57353"
},
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "MISC",
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT100741",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132828103218869&w=2"
"url": "http://secunia.com/advisories/42309",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42309"
},
{
"name": "1024743",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024743"
"url": "http://secunia.com/advisories/42413",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42413"
},
{
"name": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition"
"url": "http://secunia.com/advisories/43312",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43312"
},
{
"name": "42413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42413"
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc",
"refsource": "MISC",
"name": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
},
{
"name": "FEDORA-2010-17826",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html"
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793",
"refsource": "MISC",
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793"
},
{
"name": "http://openssl.org/news/secadv_20101116.txt",
"refsource": "CONFIRM",
"url": "http://openssl.org/news/secadv_20101116.txt"
"url": "http://www.vupen.com/english/advisories/2010/3077",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3077"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777",
"refsource": "MISC",
"name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
},
{
"name": "SUSE-SR:2010:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=130497251507577&w=2"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
"url": "http://secunia.com/advisories/44269",
"refsource": "MISC",
"name": "http://secunia.com/advisories/44269"
},
{
"name": "FEDORA-2010-17847",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html"
"url": "http://www.kb.cert.org/vuls/id/737740",
"refsource": "MISC",
"name": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "VU#737740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/737740"
"url": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition",
"refsource": "MISC",
"name": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition"
},
{
"name": "RHSA-2010:0888",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0888.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html"
},
{
"name": "42397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42397"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html"
},
{
"name": "SSRT100475",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html"
},
{
"name": "42241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42241"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=649304",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649304"
"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=129916880600544&w=2"
},
{
"name": "HPSBMA02658",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
"url": "http://marc.info/?l=bugtraq&m=132828103218869&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=132828103218869&w=2"
},
{
"name": "SSRT100413",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
"url": "http://openssl.org/news/secadv_20101116.txt",
"refsource": "MISC",
"name": "http://openssl.org/news/secadv_20101116.txt"
},
{
"name": "HPSBUX02638",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2"
"url": "http://secunia.com/advisories/42241",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42241"
},
{
"name": "57353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57353"
"url": "http://secunia.com/advisories/42243",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42243"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
"url": "http://secunia.com/advisories/42336",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42336"
},
{
"name": "ADV-2010-3097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3097"
"url": "http://secunia.com/advisories/42352",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42352"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html"
"url": "http://secunia.com/advisories/42397",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42397"
},
{
"name": "42336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42336"
"url": "http://securitytracker.com/id?1024743",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1024743"
},
{
"name": "42309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42309"
"url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html",
"refsource": "MISC",
"name": "http://www.adobe.com/support/security/bulletins/apsb11-11.html"
},
{
"name": "ADV-2010-3077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3077"
"url": "http://www.debian.org/security/2010/dsa-2125",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2125"
},
{
"name": "FreeBSD-SA-10:10",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
"url": "http://www.vupen.com/english/advisories/2010/3041",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3041"
},
{
"name": "44269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44269"
"url": "http://www.vupen.com/english/advisories/2010/3097",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "43312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43312"
"url": "http://www.vupen.com/english/advisories/2010/3121",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3121"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"url": "https://access.redhat.com/errata/RHSA-2010:0888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0888"
},
{
"name": "42243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42243"
"url": "https://access.redhat.com/security/cve/CVE-2010-3864",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3864"
},
{
"name": "HPSBOV02670",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649304",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=649304"
},
{
"name": "ADV-2010-3121",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3121"
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html",
"refsource": "MISC",
"name": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "SSRT100339",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2"
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html",
"refsource": "MISC",
"name": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "42352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42352"
},
"url": "https://rhn.redhat.com/errata/RHSA-2010-0888.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHSA-2010-0888.html"
}
]
},
"impact": {
"cvss": [
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "DSA-2125",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2125"
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
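Review bot: The `description_data` entry near the top of this CVE-2010-3864 section now appears to carry only the short title `CVE-2010-3864 OpenSSL TLS extension parsing race condition`, so the affected range (OpenSSL 0.9.8f through 0.9.8o, 1.0.0 and 1.0.0a) and the precondition (multi-threading and internal caching enabled on a TLS server) no longer appear anywhere in the record. The new `affects` block lists only a Red Hat Enterprise Linux 6 package, so anyone triaging an upstream or non-Red Hat OpenSSL build loses the data needed to decide exposure. I would keep the original sentence as the `value`, or add it as a second `description_data` entry after the title. The same replacement appears in the CVE-2010-4170, CVE-2010-4252 and CVE-2010-4253 sections. The page has lost its +/- markers, so which of the two `value` lines is the new one is inferred from the hunk counts and the rest of the section.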


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4170",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file."
"value": "CVE-2010-4170 Systemtap: Insecure loading of modules"
}
]
},
@ -44,108 +21,200 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:0.6.2-2.el4_8.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:1.1-3.el5_5.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.2-11.el6_0",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "systemtap-staprun-priv-escalation(63344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63344"
},
{
"name": "[systemtap] 20101117 important systemtap security fix",
"refsource": "MLIST",
"url": "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html"
},
{
"name": "FEDORA-2010-17873",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html"
},
{
"name": "15620",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15620"
},
{
"name": "42263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42263"
},
{
"name": "FEDORA-2010-17865",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html"
},
{
"name": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2",
"refsource": "CONFIRM",
"url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2"
},
{
"name": "RHSA-2010:0894",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0894.html"
},
{
"name": "RHSA-2010:0895",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0895.html"
},
{
"name": "42306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42306"
},
{
"name": "44914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44914"
},
{
"name": "DSA-2348",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2348"
},
{
"name": "1024754",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024754"
},
{
"name": "46920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46920"
},
{
"name": "42256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42256"
},
{
"name": "42318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42318"
},
{
"name": "FEDORA-2010-17868",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46730",
"url": "https://www.exploit-db.com/exploits/46730/"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html"
},
{
"url": "http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152569/SystemTap-1.3-MODPROBE_OPTIONS-Privilege-Escalation.html"
},
{
"url": "http://secunia.com/advisories/42256",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42256"
},
{
"url": "http://secunia.com/advisories/42263",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42263"
},
{
"url": "http://secunia.com/advisories/42306",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42306"
},
{
"url": "http://secunia.com/advisories/42318",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42318"
},
{
"url": "http://secunia.com/advisories/46920",
"refsource": "MISC",
"name": "http://secunia.com/advisories/46920"
},
{
"url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2",
"refsource": "MISC",
"name": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=b7565b41228bea196cefa3a7d43ab67f8f9152e2"
},
{
"url": "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html",
"refsource": "MISC",
"name": "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html"
},
{
"url": "http://www.debian.org/security/2011/dsa-2348",
"refsource": "MISC",
"name": "http://www.debian.org/security/2011/dsa-2348"
},
{
"url": "http://www.exploit-db.com/exploits/15620",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/15620"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2010-0894.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0894.html"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2010-0895.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0895.html"
},
{
"url": "http://www.securityfocus.com/bid/44914",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/44914"
},
{
"url": "http://www.securitytracker.com/id?1024754",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024754"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0894",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0894"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0895",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0895"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-4170",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-4170"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=653604",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=653604"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63344",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63344"
},
{
"url": "https://www.exploit-db.com/exploits/46730/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46730/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
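Review bot: The reference to the upstream fix commit in this CVE-2010-4170 section has its query separators percent-encoded (`systemtap.git%3Ba=commit%3Bh=`), where the entry it replaces used literal `;`. gitweb uses `;` as its parameter separator, so the encoded form may be parsed as one long `p` value and fail to resolve to the commit. This is the one link in the record that points at the actual patch. I would keep it as `http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2` in both `url` and `name`.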


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4252",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol."
"value": "CVE-2010-4252 openssl: session key retrieval flaw in J-PAKE implementation"
}
]
},
@ -44,103 +21,148 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSA:2010-340-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471"
},
{
"name": "oval:org.mitre.oval:def:19039",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039"
},
{
"name": "ADV-2010-3120",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3120"
},
{
"name": "ADV-2010-3122",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3122"
},
{
"name": "http://cvs.openssl.org/chngview?cn=20098",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=20098"
},
{
"name": "42469",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42469"
},
{
"name": "SSRT100475",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2"
},
{
"name": "45163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45163"
},
{
"name": "1024823",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024823"
},
{
"name": "HPSBUX02638",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2"
},
{
"name": "57353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57353"
},
{
"name": "http://openssl.org/news/secadv_20101202.txt",
"refsource": "CONFIRM",
"url": "http://openssl.org/news/secadv_20101202.txt"
},
{
"name": "HPSBOV02670",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2"
},
{
"name": "SSRT100339",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2"
},
{
"name": "https://github.com/seb-m/jpake",
"url": "http://secunia.com/advisories/57353",
"refsource": "MISC",
"url": "https://github.com/seb-m/jpake"
"name": "http://secunia.com/advisories/57353"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=659297",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
},
{
"name": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "MISC",
"url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=130497251507577&w=2"
},
{
"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=129916880600544&w=2"
},
{
"url": "http://cvs.openssl.org/chngview?cn=20098",
"refsource": "MISC",
"name": "http://cvs.openssl.org/chngview?cn=20098"
},
{
"url": "http://openssl.org/news/secadv_20101202.txt",
"refsource": "MISC",
"name": "http://openssl.org/news/secadv_20101202.txt"
},
{
"url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf",
"refsource": "MISC",
"name": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
},
{
"url": "http://secunia.com/advisories/42469",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42469"
},
{
"url": "http://securitytracker.com/id?1024823",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1024823"
},
{
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471",
"refsource": "MISC",
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471"
},
{
"url": "http://www.securityfocus.com/bid/45163",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/45163"
},
{
"url": "http://www.vupen.com/english/advisories/2010/3120",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3120"
},
{
"url": "http://www.vupen.com/english/advisories/2010/3122",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3122"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-4252",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-4252"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
},
{
"url": "https://github.com/seb-m/jpake",
"refsource": "MISC",
"name": "https://github.com/seb-m/jpake"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
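Review bot: The rewritten `affects` block in this CVE-2010-4252 section still names vendor and product as `n/a` and now pairs `"version_value": "n/a"` with `"version_affected": "="`, which asserts that exactly version "n/a" is affected and therefore matches nothing. With the description reduced to a title, the record no longer says anywhere that the issue is in OpenSSL before 1.0.0c with J-PAKE enabled. Going by the earlier description, I would populate the entry with `"product_name": "OpenSSL"`, `"version_value": "1.0.0c"` and `"version_affected": "<"`. `CWE-284` also looks like a loose fit for a flaw described as missing validation of J-PAKE public parameters that lets a peer authenticate without the shared secret. A CWE specific to authentication or input validation would be worth considering.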


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4253",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document."
"value": "CVE-2010-4253 OpenOffice.org: heap based buffer overflow in PPT import"
}
]
},
@ -44,108 +21,184 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "1:3.1.1-19.5.el5_5.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "1:3.2.1-19.6.el6_0.5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "40775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40775"
"url": "http://secunia.com/advisories/40775",
"refsource": "MISC",
"name": "http://secunia.com/advisories/40775"
},
{
"name": "46031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46031"
"url": "http://secunia.com/advisories/43105",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43105"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=658259",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658259"
"url": "http://secunia.com/advisories/60799",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60799"
},
{
"name": "DSA-2151",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2151"
"url": "http://ubuntu.com/usn/usn-1056-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1056-1"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
"url": "http://www.vupen.com/english/advisories/2011/0230",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
"url": "http://www.vupen.com/english/advisories/2011/0279",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0279"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-4253.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-4253.html"
"url": "http://secunia.com/advisories/42999",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42999"
},
{
"name": "43065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43065"
"url": "http://secunia.com/advisories/43065",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43065"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
"url": "http://www.debian.org/security/2011/dsa-2151",
"refsource": "MISC",
"name": "http://www.debian.org/security/2011/dsa-2151"
},
{
"name": "70717",
"refsource": "OSVDB",
"url": "http://osvdb.org/70717"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
},
{
"name": "1025002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025002"
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "ADV-2011-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0232"
"url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
},
{
"name": "RHSA-2011:0182",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
"url": "http://www.securityfocus.com/bid/46031",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/46031"
},
{
"name": "USN-1056-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1056-1"
"url": "http://www.securitytracker.com/id?1025002",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1025002"
},
{
"name": "ADV-2011-0279",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0279"
"url": "http://www.vupen.com/english/advisories/2011/0232",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0232"
},
{
"name": "43105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43105"
"url": "https://access.redhat.com/errata/RHSA-2011:0182",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0182"
},
{
"name": "MDVSA-2011:027",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
"url": "https://access.redhat.com/errata/RHSA-2011:0183",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0183"
},
{
"name": "42999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42999"
"url": "http://osvdb.org/70717",
"refsource": "MISC",
"name": "http://osvdb.org/70717"
},
{
"url": "http://www.openoffice.org/security/cves/CVE-2010-4253.html",
"refsource": "MISC",
"name": "http://www.openoffice.org/security/cves/CVE-2010-4253.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-4253",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-4253"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658259",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=658259"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
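Review bot: Every `version_data` entry added in this CVE-2010-4253 section is marked `"version_affected": "!"`, which in the CVE JSON 4.0 format marks that exact version as unaffected, so the record now lists Red Hat builds that are not affected but no affected version at all. A consumer that matches installed packages against `affects` would find nothing to flag, and an exact-match reading of `!` says nothing about earlier or later builds. If these are the first fixed builds, a range form such as `"version_affected": "!>="` would state that. Otherwise the affected range from the earlier description (OpenOffice.org 2.x and 3.x before 3.3) should be kept somewhere in the record. The CVE-2010-3864 and CVE-2010-4170 sections use the same pattern.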


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4541",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long \"Number of lights\" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself."
"value": "CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in"
}
]
},
@ -44,103 +21,200 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "1:2.0.5-7.0.7.el4.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "2:2.2.13-2.0.7.el5_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:2.6.9-4.el6_1.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-2426",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"name": "GLSA-201209-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=666793",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793"
},
{
"name": "ADV-2011-0016",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0016"
},
{
"name": "RHSA-2011:0839",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html"
},
{
"name": "RHSA-2011:0837",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "RHSA-2011:0838",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html"
},
{
"name": "[oss-security] 20110104 Re: CVE request for buffer overflows in gimp",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/04/7"
},
{
"name": "44750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44750"
},
{
"name": "42771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42771"
},
{
"name": "70281",
"refsource": "OSVDB",
"url": "http://osvdb.org/70281"
},
{
"name": "50737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50737"
},
{
"name": "[oss-security] 20110103 CVE request for buffer overflows in gimp",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/03/2"
},
{
"name": "48236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48236"
},
{
"name": "gimp-sphere-designer-bo(64581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64581"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497"
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "MDVSA-2011:103",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103"
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497",
"refsource": "MISC",
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497"
},
{
"url": "http://openwall.com/lists/oss-security/2011/01/03/2",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2011/01/03/2"
},
{
"url": "http://openwall.com/lists/oss-security/2011/01/04/7",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2011/01/04/7"
},
{
"url": "http://secunia.com/advisories/42771",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42771"
},
{
"url": "http://secunia.com/advisories/44750",
"refsource": "MISC",
"name": "http://secunia.com/advisories/44750"
},
{
"url": "http://secunia.com/advisories/48236",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48236"
},
{
"url": "http://secunia.com/advisories/50737",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50737"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"url": "http://www.debian.org/security/2012/dsa-2426",
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2426"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0838.html"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0839.html"
},
{
"url": "http://www.vupen.com/english/advisories/2011/0016",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0016"
},
{
"url": "https://access.redhat.com/errata/RHSA-2011:0838",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0838"
},
{
"url": "https://access.redhat.com/errata/RHSA-2011:0839",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0839"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=666793"
},
{
"url": "http://osvdb.org/70281",
"refsource": "MISC",
"name": "http://osvdb.org/70281"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0837.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2011:0837",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0837"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-4541",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-4541"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703403",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=703403"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64581",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64581"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
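Review bot: The `description` value in this record appears to end up as the short title `CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in`. That drops the affected function (`loadit` in plug-ins/common/sphere-designer.c), the affected GIMP version, the stated impact, and the NOTE about where a plugin configuration file normally comes from. The +/- column did not survive on this page, so which of the two printed values is the new one is inferred from the rest of the commit. Anyone triaging from the record alone can no longer tell what is affected or how it is reached, so I would keep the full sentence as the description and carry the title in a separate field. The CVE-2017-15096 record later in this commit shows the same replacement.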


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-10-24T00:00:00",
"ID": "CVE-2017-15086",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gluster Storage for RHEL 6",
"version": {
"version_data": [
{
"version_value": "3.3"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,28 +21,81 @@
"description": [
{
"lang": "eng",
"value": "CWE-300"
"value": "Channel Accessible by Non-Endpoint",
"cweId": "CWE-300"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:4.6.3-8.el6rhs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "101555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101555"
"url": "http://www.securityfocus.com/bid/101555",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101555"
},
{
"name": "RHSA-2017:3110",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3110"
"url": "https://access.redhat.com/errata/RHSA-2017:3110",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3110"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086"
"url": "https://access.redhat.com/security/cve/CVE-2017-15086",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15086"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505785",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505785"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
}
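Review bot: Every entry in `reference_data` now seems to carry `"refsource": "MISC"` with `name` set to the URL, where the other printed variant has `BID`, `REDHAT` and `CONFIRM` with short names such as `RHSA-2017:3110`. Tooling that uses `refsource` to pick out vendor-confirmed advisories, or `name` to link errata IDs, loses that signal. I would keep the typed form where the source is known, e.g. `"refsource": "REDHAT"` with `"name": "RHSA-2017:3110"`. The same flattening shows in the other records of this commit. The side assignment is inferred, because the +/- markers are lost in this rendering.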


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-10-24T00:00:00",
"ID": "CVE-2017-15087",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gluster Storage for RHEL 6",
"version": {
"version_data": [
{
"version_value": "3.3"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,28 +21,81 @@
"description": [
{
"lang": "eng",
"value": "CWE-200"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:4.6.3-8.el6rhs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3110",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3110"
"url": "https://access.redhat.com/errata/RHSA-2017:3110",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3110"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087"
"url": "http://www.securityfocus.com/bid/101556",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101556"
},
{
"name": "101556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101556"
"url": "https://access.redhat.com/security/cve/CVE-2017-15087",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15087"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505788",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505788"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
}


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-10-19T00:00:00",
"ID": "CVE-2017-15096",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlusterFS",
"version": {
"version_data": [
{
"version_value": "Prior to 3.10"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service."
"value": "CVE-2017-15096 glusterfs: Null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c"
}
]
},
@ -45,18 +21,105 @@
"description": [
{
"lang": "eng",
"value": "Null pointer dereference"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:6.0-21.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.5 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:6.0-21.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:7.7-16.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:70.7.0-3.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:3.5.0.0-1.el7rhgs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.0-21.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255"
"url": "https://access.redhat.com/errata/RHEA-2019:3249",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHEA-2019:3249"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15096",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15096"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
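Review bot: The `problemtype` entry maps a flaw that the record itself describes as a null pointer dereference in `send_brick_req` to `CWE-119` (Improper Restriction of Operations within the Bounds of a Memory Buffer). CWE-476 is the specific weakness and keeps weakness-based filtering and metrics accurate: `"value": "NULL Pointer Dereference"`, `"cweId": "CWE-476"`. The CVE-2017-15116 record (`rngapi_reset`) further down has the same mapping.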

File diff suppressed because it is too large Load Diff


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-15103",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Heketi",
"version": {
"version_data": [
{
"version_value": "5.0"
}
]
}
}
]
},
"vendor_name": "Heketi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
"value": "A security-check flaw was found in the way the Heketi server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
}
]
},
@ -45,28 +21,77 @@
"description": [
{
"lang": "eng",
"value": "CWE-78"
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:5.0.0-19.el7rhgs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147"
"url": "https://access.redhat.com/errata/RHSA-2017:3481",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3481"
},
{
"name": "RHSA-2017:3481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3481"
"url": "https://access.redhat.com/security/cve/CVE-2017-15103",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15103"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-15103",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-15103"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Markus Krell (NTT Security) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
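Review bot: The `affects` block no longer names the upstream product. The entry with `"product_name": "Heketi"` and `"version_value": "5.0"` appears to be dropped, and the only remaining version entry is the Red Hat build `0:5.0.0-19.el7rhgs` with `"version_affected": "!"`, which, as I read the CVE JSON 4.0 format, marks an unaffected (fixed) version. A consumer that matches on affected vendor, product and version then finds nothing listed as affected, and the description also loses the "5" that tied the flaw to a release. I would keep the upstream entry next to the Red Hat one. The same applies to CVE-2017-15104, and to the "Prior to 3.10" and "Linux kernel" entries dropped from CVE-2017-15096 and CVE-2017-15116.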


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-15104",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Heketi",
"version": {
"version_data": [
{
"version_value": "5.0"
}
]
}
}
]
},
"vendor_name": "Heketi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
"value": "An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
}
]
},
@ -45,33 +21,82 @@
"description": [
{
"lang": "eng",
"value": "CWE-552"
"value": "Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:5.0.0-19.el7rhgs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3481"
"url": "https://access.redhat.com/errata/RHSA-2017:3481",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3481"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
"url": "https://access.redhat.com/security/cve/CVE-2017-15104",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15104"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-15104",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-15104"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
},
{
"name": "https://github.com/heketi/heketi/releases/tag/v5.0.1",
"refsource": "CONFIRM",
"url": "https://github.com/heketi/heketi/releases/tag/v5.0.1"
"url": "https://github.com/heketi/heketi/releases/tag/v5.0.1",
"refsource": "MISC",
"name": "https://github.com/heketi/heketi/releases/tag/v5.0.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Siddharth Sharma (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
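Review bot: The `credits` entry in this record uses `"lang": "en"`, while `description_data` and the `problemtype` description in the same record use `"lang": "eng"`. A consumer that selects text by language code has to know both spellings, so use one code throughout, e.g. `"lang": "eng"` in `credits`. The credits blocks in the CVE-2017-15103, CVE-2017-15116 and CVE-2017-15121 records have the same mismatch.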


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15116",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)."
"value": "A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system."
}
]
},
@ -44,43 +21,101 @@
"description": [
{
"lang": "eng",
"value": "null pointer dereference"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609",
"url": "https://access.redhat.com/errata/RHSA-2018:0676",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
"name": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"url": "https://access.redhat.com/errata/RHSA-2018:1062",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"url": "https://access.redhat.com/security/cve/CVE-2017-15116",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
"name": "https://access.redhat.com/security/cve/CVE-2017-15116"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
},
{
"url": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by ChunYu Wang (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-12-05T00:00:00",
"ID": "CVE-2017-15121",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux",
"version": {
"version_data": [
{
"version_value": "6, 7"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,43 +21,112 @@
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893"
"url": "https://access.redhat.com/errata/RHSA-2018:0676",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
"url": "https://access.redhat.com/errata/RHSA-2018:1062",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
"url": "http://www.securityfocus.com/bid/102128",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/102128"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
"url": "https://access.redhat.com/errata/RHSA-2018:1854",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "102128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102128"
"url": "https://access.redhat.com/security/cve/CVE-2017-15121",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15121"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&utm_medium=RSS"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1520893"
},
{
"url": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&amp%3Butm_medium=RSS",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&amp%3Butm_medium=RSS"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Miklos Szeredi (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
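Review bot: The F5 reference URL looks mangled in its query string: `?utm_source=f5support&amp%3Butm_medium=RSS` has the `&` HTML-escaped to `&amp;` and the `;` then percent-encoded, so `utm_medium` is no longer passed as a parameter. The other printed variant of this entry has a plain `&`. This reads like double escaping in the export step rather than a deliberate change. The entry should read `"url": "https://support.f5.com/csp/article/K42142782?utm_source=f5support&utm_medium=RSS"`, with `name` matching. Other references with query strings produced by the same sync are worth checking for the same escaping.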


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15126",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux Kernel before 4.13.6",
"version": {
"version_data": [
{
"version_value": "Linux Kernel before 4.13.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put()."
"value": "A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events."
}
]
},
@ -44,53 +21,106 @@
"description": [
{
"lang": "eng",
"value": "CWE-119"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "102516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102516"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252",
"url": "https://access.redhat.com/errata/RHSA-2018:0676",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252"
"name": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481",
"url": "https://access.redhat.com/errata/RHSA-2018:1062",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481"
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6",
"url": "http://www.securityfocus.com/bid/102516",
"refsource": "MISC",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"
"name": "http://www.securityfocus.com/bid/102516"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-15126",
"url": "https://access.redhat.com/security/cve/CVE-2017-15126",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2017-15126"
"name": "https://access.redhat.com/security/cve/CVE-2017-15126"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1523481"
},
{
"url": "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252"
},
{
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Andrea Arcangeli (Red Hat Engineering)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
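Review bot: The new `affects` block lists only Red Hat Enterprise Linux 7 builds with `"version_affected": "!"`, which as I read the CVE JSON 4.0 format marks a version as not affected, so the record no longer names any affected version. The removed side carried `Linux Kernel before 4.13.6`, and the old description named fs/userfaultfd.c and the use-after-free; the replacement description drops the upstream fix version as well (taking the second line of each printed pair as the new side, since the +/- markers are lost on this page). A scanner that matches on `affects` or on the description text would stop flagging upstream kernels. I would keep the upstream range as a second `product_data` entry, e.g. `"version_value": "4.13.6", "version_affected": "<"`. The same pattern appears in the CVE-2017-15129, CVE-2017-15131, CVE-2017-2583, CVE-2017-2625 and CVE-2017-2626 sections.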


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15129",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel v4.0-rc1 through v4.15-rc5",
"version": {
"version_data": [
{
"version_value": "Linux kernel v4.0-rc1 through v4.15-rc5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
"value": "A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
}
]
},
@ -44,108 +21,176 @@
"description": [
{
"lang": "eng",
"value": "CWE-362"
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-49.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.55.1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3617-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-1/"
},
{
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name": "USN-3617-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-3/"
},
{
"name": "https://marc.info/?l=linux-netdev&m=151370451121029&w=2",
"url": "https://access.redhat.com/errata/RHSA-2018:0676",
"refsource": "MISC",
"url": "https://marc.info/?l=linux-netdev&m=151370451121029&w=2"
"name": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "https://marc.info/?t=151370468900001&r=1&w=2",
"url": "https://access.redhat.com/errata/RHSA-2018:1062",
"refsource": "MISC",
"url": "https://marc.info/?t=151370468900001&r=1&w=2"
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "USN-3632-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3632-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11",
"url": "http://seclists.org/oss-sec/2018/q1/7",
"refsource": "MISC",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"
"name": "http://seclists.org/oss-sec/2018/q1/7"
},
{
"name": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0",
"url": "http://www.securityfocus.com/bid/102485",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0"
"name": "http://www.securityfocus.com/bid/102485"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:0654",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-15129",
"url": "https://access.redhat.com/errata/RHSA-2018:0654",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2017-15129"
"name": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name": "102485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102485"
},
{
"name": "http://seclists.org/oss-sec/2018/q1/7",
"url": "https://access.redhat.com/errata/RHSA-2019:1946",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2018/q1/7"
"name": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0",
"url": "https://access.redhat.com/security/cve/CVE-2017-15129",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0"
"name": "https://access.redhat.com/security/cve/CVE-2017-15129"
},
{
"name": "USN-3617-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-2/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
},
{
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
"url": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1946",
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
"url": "https://marc.info/?l=linux-netdev&m=151370451121029&w=2",
"refsource": "MISC",
"name": "https://marc.info/?l=linux-netdev&m=151370451121029&w=2"
},
{
"url": "https://marc.info/?t=151370468900001&r=1&w=2",
"refsource": "MISC",
"name": "https://marc.info/?t=151370468900001&r=1&w=2"
},
{
"url": "https://usn.ubuntu.com/3617-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3617-1/"
},
{
"url": "https://usn.ubuntu.com/3617-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3617-2/"
},
{
"url": "https://usn.ubuntu.com/3617-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3617-3/"
},
{
"url": "https://usn.ubuntu.com/3619-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3619-1/"
},
{
"url": "https://usn.ubuntu.com/3619-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3619-2/"
},
{
"url": "https://usn.ubuntu.com/3632-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3632-1/"
},
{
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Kirill Tkhai for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
}
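Review bot: Every entry in the new `reference_data` (taking the url-first entries as the new side) has `"refsource": "MISC"` and a `name` equal to its URL, so the advisory identifiers the removed entries carried (`USN-3617-1`, `RHSA-2018:0654`, BID `102485`) are gone as structured values. Tooling that groups references by `refsource` or looks up vendor advisories by `name` would now have to parse them out of the URL. If the sync cannot keep the typed source, keeping the identifier in `name`, for example `"name": "RHSA-2018:0654"` next to the access.redhat.com URL, would preserve the lookup. The other record sections on this page show the same flattening.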


@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-05-24T00:00:00",
"ID": "CVE-2017-15131",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RHEL shipped xdg-user-dirs and gnome-session",
"version": {
"version_data": [
{
"version_value": "before 0.15-5"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux."
"value": "It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users."
}
]
},
@ -45,28 +21,81 @@
"description": [
{
"lang": "eng",
"value": "CWE-284"
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.15-5.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762"
"url": "https://access.redhat.com/errata/RHSA-2018:0842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0842"
},
{
"name": "RHSA-2018:0842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0842"
"url": "https://access.redhat.com/security/cve/CVE-2017-15131",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15131"
},
{
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1455094"
},
{
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
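Review bot: The lists.apache.org reference kept as the last `reference_data` entry looks unrelated to this record and should be checked before it is carried forward. The removed entry titled it `[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar`, while the description is about the umask not being honored for XDG user directories. In the new entry `name` is just the URL, so the mismatch is no longer visible to a reader. Separately, the CWE changes from `CWE-284` to `CWE-266` in this section, and nothing visible here explains the remapping.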


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2583",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application."
"value": "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest."
}
]
},
@ -44,63 +21,142 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.26.1.rt56.442.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.26.1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3"
},
{
"name": "https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3"
"url": "http://www.debian.org/security/2017/dsa-3791",
"refsource": "MISC",
"name": "http://www.debian.org/security/2017/dsa-3791"
},
{
"name": "RHSA-2017:1615",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1615"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5"
},
{
"name": "[oss-security] 20170119 CVE-2017-2583 Kernel: Kvm: vmx/svm potential privilege escalation inside guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/2"
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/19/2"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
"url": "http://www.securityfocus.com/bid/95673",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95673"
},
{
"name": "95673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95673"
"url": "https://access.redhat.com/errata/RHSA-2017:1615",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1615"
},
{
"name": "RHSA-2017:1616",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
"url": "https://access.redhat.com/errata/RHSA-2017:1616",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1616"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3"
"url": "https://access.redhat.com/security/cve/CVE-2017-2583",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2583"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3791"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5"
"url": "https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3"
},
{
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3754-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Xiaohan Zhang (Huawei Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
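Review bot: The CVSS 2.0 object in the new `impact.cvss` array sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`. Under CVSS v2, undefined metrics leave the score unchanged, so a consumer that reads these fields gets 0 where the base score of 4.9 applies. I would omit both keys when the metrics are not defined, or emit `"temporalScore": 4.9` and `"environmentalScore": 4.9`. The array also mixes a 2.0 and a 3.0 object that are told apart only by `version`, so readers must not assume a fixed index holds the v3 score.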


@ -1,106 +1,260 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2625",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libXdmcp",
"version": {
"version_data": [
{
"version_value": "1.1.2"
}
]
}
}
]
},
"vendor_name": "Xorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."
"value": "It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-331"
"value": "Insufficient Entropy",
"cweId": "CWE-331"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.4.74-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.6-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.3-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.24-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.13-4.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.14-8.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.7.9-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.7.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-3.el7",
"version_affected": "!"
},
{
"version_value": "0:3.5.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.5-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-1.el7",
"version_affected": "!"
},
{
"version_value": "0:17.0.1-6.20170307.el7",
"version_affected": "!"
},
{
"version_value": "0:3.9.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.39.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-2.el7",
"version_affected": "!"
},
{
"version_value": "0:2.20-1.el7",
"version_affected": "!"
},
{
"version_value": "0:7.7-20.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625"
},
{
"name": "RHSA-2017:1865",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"name": "1037919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f"
},
{
"name": "96480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96480"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"url": "http://www.securityfocus.com/bid/96480",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
"name": "http://www.securityfocus.com/bid/96480"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2006-1] libxdmcp security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html"
"url": "http://www.securitytracker.com/id/1037919",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037919"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1865",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2625",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2625"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424987",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1424987"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625"
},
{
"url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f",
"refsource": "MISC",
"name": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html"
},
{
"url": "https://security.gentoo.org/glsa/201704-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201704-03"
},
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"refsource": "MISC",
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}
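Review bot: The 33 `version_value` entries under `Red Hat Enterprise Linux 7` are bare epoch:version-release strings with no package name, so nothing in the record says which of them is the fixed libXdmcp build. The CVE-2017-2626 section that follows (libICE) carries what looks like the identical list, which suggests it is the package set of one erratum, presumably RHSA-2017:1865, which both records reference, and not per-package data. The removed side at least identified `libXdmcp` `1.1.2` from `Xorg`. One `product_data` entry per package, with the package in `product_name`, would make each version string attributable.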


@ -1,111 +1,265 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2626",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libICE",
"version": {
"version_data": [
{
"version_value": "1.0.9-8"
}
]
}
}
]
},
"vendor_name": "Xorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."
"value": "It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.2/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-331"
"value": "Insufficient Entropy",
"cweId": "CWE-331"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.4.74-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.6-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.3-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.24-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.13-4.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.14-8.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.7.9-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.7.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-3.el7",
"version_affected": "!"
},
{
"version_value": "0:3.5.12-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.5-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-1.el7",
"version_affected": "!"
},
{
"version_value": "0:17.0.1-6.20170307.el7",
"version_affected": "!"
},
{
"version_value": "0:3.9.1-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.39.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12-2.el7",
"version_affected": "!"
},
{
"version_value": "0:2.20-1.el7",
"version_affected": "!"
},
{
"version_value": "0:7.7-20.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"
},
{
"name": "GLSA-201704-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626"
},
{
"name": "RHSA-2017:1865",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"name": "1037919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "96480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96480"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"url": "http://www.securityfocus.com/bid/96480",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
"name": "http://www.securityfocus.com/bid/96480"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10",
"url": "http://www.openwall.com/lists/oss-security/2019/07/14/3"
"url": "http://www.securitytracker.com/id/1037919",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037919"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html"
"url": "https://access.redhat.com/errata/RHSA-2017:1865",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"url": "https://security.gentoo.org/glsa/201704-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201704-03"
},
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"refsource": "MISC",
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2019/07/14/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/07/14/3"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-2626",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2626"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424992",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1424992"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626"
},
{
"url": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b",
"refsource": "MISC",
"name": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2637",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rhosp-director",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,69 +15,201 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "9.9/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
"value": "Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.8.6-135.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.10-34.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "1:14.0.3-9.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.4.1-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.2.0-15.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.2.0-3.el7ost",
"version_affected": "!"
},
{
"version_value": "0:9.5.0-4.el7ost",
"version_affected": "!"
},
{
"version_value": "0:5.5.0-12.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty) director",
"version": {
"version_data": [
{
"version_value": "0:0.8.14-29.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-2.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.3.4-14.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka) director",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-57.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-14.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1546",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1546"
"url": "http://www.securityfocus.com/bid/98576",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98576"
},
{
"name": "RHSA-2017:1537",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1537"
"url": "https://access.redhat.com/errata/RHSA-2017:1242",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1242"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637"
"url": "https://access.redhat.com/errata/RHSA-2017:1504",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1504"
},
{
"name": "98576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98576"
"url": "https://access.redhat.com/errata/RHSA-2017:1537",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1537"
},
{
"name": "https://wiki.openstack.org/wiki/OSSN/OSSN-0007",
"refsource": "CONFIRM",
"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0007"
"url": "https://access.redhat.com/errata/RHSA-2017:1546",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1546"
},
{
"name": "https://access.redhat.com/solutions/3022771",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/solutions/3022771"
"url": "https://access.redhat.com/security/cve/CVE-2017-2637",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2637"
},
{
"name": "RHSA-2017:1242",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1242"
"url": "https://access.redhat.com/solutions/3022771",
"refsource": "MISC",
"name": "https://access.redhat.com/solutions/3022771"
},
{
"name": "RHSA-2017:1504",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1504"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428240",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428240"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637"
},
{
"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0007",
"refsource": "MISC",
"name": "https://wiki.openstack.org/wiki/OSSN/OSSN-0007"
}
]
},
"work_around": [
{
"lang": "en",
"value": "A KCS article with more details on this flaw is available at: https://access.redhat.com/solutions/3022771"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by David Gurtner (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
]
}
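Review bot: The new `version_data` entries under `affects` carry bare version strings such as `0:0.8.6-135.el7ost` with `"version_affected": "!"` and no component name, so a consumer cannot tell which package each string belongs to. As I read the CVE JSON 4.0 format, `!` marks a version as not affected, which would mean the record now lists only fixed builds and states no affected range at all; what appears to be the replaced entry at least named the product `rhosp-director`. I would carry the package name with each entry, e.g. `"version_value": "<package-name>-0:0.8.6-135.el7ost"` (placeholder name), or add an explicit affected entry per product. The same pattern shows up in the CVE-2017-2639, CVE-2017-5579, CVE-2017-5884, CVE-2017-5885 and CVE-2017-7472 sections.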


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2639",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,55 +15,293 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
"value": "Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.8",
"version": {
"version_data": [
{
"version_value": "0:2.2.1.0-2.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:0.1.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.8.0.17-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:19.0.4-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.17-23.el7",
"version_affected": "!"
},
{
"version_value": "0:0.42.0-4.el7",
"version_affected": "!"
},
{
"version_value": "1:1.10.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.4.11-2PGDG.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.0r2-10.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-7.el7",
"version_affected": "!"
},
{
"version_value": "0:0.11-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.1-2.1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.71c-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.6.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.6.5-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.10-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-6.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.9.8-4.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.7.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.8-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:4.1.5-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.18.2-5.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.7-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.3.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.25.0-b10.2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.1-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.3-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.4-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.06-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.14-7.el7cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "98769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98769"
"url": "http://www.securityfocus.com/bid/98769",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98769"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639"
"url": "http://www.securitytracker.com/id/1038599",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038599"
},
{
"name": "RHSA-2017:1367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1367"
"url": "https://access.redhat.com/errata/RHSA-2017:1367",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1367"
},
{
"name": "1038599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038599"
"url": "https://access.redhat.com/security/cve/CVE-2017-2639",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-2639"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429632",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1429632"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
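Review bot: In the new CVSS 2.0 object under `impact.cvss`, `"temporalScore": 0` and `"environmentalScore": 0` sit next to temporal and environmental metrics that are all `NOT_DEFINED`. A numeric zero reads as a computed score of 0 rather than "not assessed". With every such metric undefined, the v2 equations should leave the temporal score equal to the base score of 7.1, so the zeros look like defaults, not results. A consumer that prefers the temporal or environmental score over `baseScore` when present would rank this certificate-validation flaw at 0. I would omit both keys when nothing was assessed; the CVE-2017-5579 section has the same two zero fields.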


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5579",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
"value": "CVE-2017-5579 Qemu: serial: host memory leakage 16550A UART emulation"
}
]
},
@ -44,53 +21,199 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/8"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b",
"refsource": "MISC",
"name": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b"
},
{
"name": "95780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95780"
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/24/8"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b"
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/25/3"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/3"
"url": "http://www.securityfocus.com/bid/95780",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95780"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "https://access.redhat.com/security/cve/CVE-2017-5579",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-5579"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416157",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1416157"
},
{
"url": "https://security.gentoo.org/glsa/201702-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-28"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Li Qiang (360.cn Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}
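Review bot: The `description` value that appears to be the new one, `CVE-2017-5579 Qemu: serial: host memory leakage 16550A UART emulation`, is a tracker title rather than a description. It drops the affected function (`serial_exit_core` in `hw/char/serial.c`), the attacker precondition (a privileged guest user) and the impact (host memory consumption and QEMU process crash) that the replaced sentence stated. Anyone triaging from this record alone now has to follow a reference to learn what the flaw is, so I would keep the full sentence as the `value` and move the title elsewhere if it is needed. Separately, the git.qemu-project.org reference now has its `;` separators written as `%3B`, which may no longer resolve to the commit and is worth checking.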


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5884",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile."
"value": "It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library."
}
]
},
@ -44,48 +21,101 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.7.0-2.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170203 CVE request for two input validation flaws in gtk-vnc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/03/5"
"url": "http://www.openwall.com/lists/oss-security/2017/02/03/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/03/5"
},
{
"name": "96016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96016"
"url": "http://www.openwall.com/lists/oss-security/2017/02/05/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/05/5"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778048",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778048"
"url": "http://www.securityfocus.com/bid/96016",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96016"
},
{
"name": "RHSA-2017:2258",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2258"
"url": "https://access.redhat.com/errata/RHSA-2017:2258",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2258"
},
{
"name": "FEDORA-2017-ab04a91edd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/"
"url": "https://access.redhat.com/security/cve/CVE-2017-5884",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-5884"
},
{
"name": "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a"
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778048",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778048"
},
{
"name": "[oss-security] 20170204 Re: CVE request for two input validation flaws in gtk-vnc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/05/5"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418944",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418944"
},
{
"url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
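Review bot: The rewritten `description` and the new `impact.cvss` entry present this as a viewer crash only (`C:N/I:N/A:L`, `baseScore` 3.1, LOW). Yet the new `problemtype` is CWE-787 (Out-of-bounds Write), and the text that appears to be replaced said a remote server could execute arbitrary code. A consumer that prioritises on `baseScore` alone would file a memory-corruption issue reachable from a malicious VNC server as low priority. The upstream version bound ("before 0.7.0") is also gone from the description. I would keep the upstream impact statement and version bound in the text and say explicitly that the score is the vendor's rating for its own builds. The CVE-2017-5885 section has the same mismatch (CWE-190, with "possibly execute arbitrary code" dropped).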


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5885",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow."
"value": "An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library."
}
]
},
@ -44,48 +21,101 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.7.0-2.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e"
"url": "http://www.openwall.com/lists/oss-security/2017/02/03/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/03/5"
},
{
"name": "[oss-security] 20170203 CVE request for two input validation flaws in gtk-vnc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/03/5"
"url": "http://www.openwall.com/lists/oss-security/2017/02/05/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/05/5"
},
{
"name": "96016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96016"
"url": "http://www.securityfocus.com/bid/96016",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96016"
},
{
"name": "RHSA-2017:2258",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2258"
"url": "https://access.redhat.com/errata/RHSA-2017:2258",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2258"
},
{
"name": "FEDORA-2017-ab04a91edd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/"
},
{
"name": "[oss-security] 20170204 Re: CVE request for two input validation flaws in gtk-vnc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/05/5"
"url": "https://access.redhat.com/security/cve/CVE-2017-5885",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-5885"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778050",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778050"
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778050",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778050"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418952",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418952"
},
{
"url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7472",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel before 4.10.13",
"version": {
"version_data": [
{
"version_value": "Linux kernel before 4.10.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls."
"value": "A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS."
}
]
},
@ -44,88 +21,151 @@
"description": [
{
"lang": "eng",
"value": "exhaust kernel memory"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.17.1.rt56.636.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.17.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b"
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "https://lkml.org/lkml/2017/4/3/724",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2017/4/3/724"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b"
},
{
"name": "RHSA-2018:0181",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0181"
"url": "http://openwall.com/lists/oss-security/2017/05/11/1",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2017/05/11/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086"
"url": "http://www.securityfocus.com/bid/98422",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98422"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13"
"url": "http://www.securitytracker.com/id/1038471",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038471"
},
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
"url": "https://access.redhat.com/errata/RHSA-2018:0151",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"name": "RHSA-2018:0152",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0152"
"url": "https://access.redhat.com/errata/RHSA-2018:0152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"name": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b"
"url": "https://access.redhat.com/errata/RHSA-2018:0181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"name": "98422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98422"
"url": "https://access.redhat.com/security/cve/CVE-2017-7472",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7472"
},
{
"name": "1038471",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038471"
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1034862",
"refsource": "MISC",
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1034862"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1034862",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1034862"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086"
},
{
"name": "42136",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42136/"
"url": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b"
},
{
"name": "http://openwall.com/lists/oss-security/2017/05/11/1",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2017/05/11/1"
"url": "https://lkml.org/lkml/2017/4/1/235",
"refsource": "MISC",
"name": "https://lkml.org/lkml/2017/4/1/235"
},
{
"name": "RHSA-2018:0151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
"url": "https://lkml.org/lkml/2017/4/3/724",
"refsource": "MISC",
"name": "https://lkml.org/lkml/2017/4/3/724"
},
{
"name": "https://lkml.org/lkml/2017/4/1/235",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2017/4/1/235"
"url": "https://www.exploit-db.com/exploits/42136/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/42136/"
},
{
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
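Review bot: Every entry in the new `reference_data` list has `"refsource": "MISC"` and a `name` that just repeats the `url`, which discards the source classification the replaced entries appear to have carried (REDHAT, CONFIRM, BID, SECTRACK, SUSE, EXPLOIT-DB). The exploit-db.com entry is the clearest loss: tooling that raises priority when a record has a public-exploit reference keyed on `refsource` will no longer see one for this CVE. The same goes for filters that pick out vendor advisories or upstream fix commits. I would keep the typed values where they are known, e.g. `"refsource": "EXPLOIT-DB"` with `"name": "42136"` for that entry. The same flattening is visible in the reference lists of the other file sections on this page.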


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7502",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nss",
"version": {
"version_data": [
{
"version_value": "since 3.24.0"
}
]
}
}
]
},
"vendor_name": "NSS project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker."
"value": "A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library."
}
]
},
@ -44,58 +21,122 @@
"description": [
{
"lang": "eng",
"value": "CWE-476"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.28.4-3.el6_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.28.4-1.2.el7_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1365",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1365"
"url": "http://www.debian.org/security/2017/dsa-3872",
"refsource": "MISC",
"name": "http://www.debian.org/security/2017/dsa-3872"
},
{
"name": "1038579",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038579"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "98744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98744"
"url": "http://www.securityfocus.com/bid/98744",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98744"
},
{
"name": "RHSA-2017:1712",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1712"
"url": "http://www.securitytracker.com/id/1038579",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038579"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"url": "https://access.redhat.com/errata/RHSA-2017:1364",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1364"
},
{
"name": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d",
"refsource": "CONFIRM",
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
"url": "https://access.redhat.com/errata/RHSA-2017:1365",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1365"
},
{
"name": "RHSA-2017:1364",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1364"
"url": "https://access.redhat.com/errata/RHSA-2017:1567",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"name": "RHSA-2017:1567",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1567"
"url": "https://access.redhat.com/errata/RHSA-2017:1712",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"name": "DSA-3872",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3872"
"url": "https://access.redhat.com/security/cve/CVE-2017-7502",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7502"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446631",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1446631"
},
{
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d",
"refsource": "MISC",
"name": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
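Review bot: Every entry in the new `reference_data` carries `"refsource": "MISC"` with `name` set to the URL, so the typed tags the previous revision appears to have had (REDHAT, DEBIAN, BID, SECTRACK, CONFIRM) are gone. Consumers that use `refsource` to separate vendor advisories and patch confirmations from generic links can no longer do so and would have to classify by URL host instead. For the errata links I would keep the typed form, e.g. `"refsource": "REDHAT"` with `"name": "RHSA-2017:1365"`. The same flattening is visible in the sections for CVE-2017-7533, CVE-2017-7562, CVE-2018-10841, CVE-2018-10880 and CVE-2018-10881. The old/new side of each line is inferred here from print order and the hunk counts, since the `+`/`-` column is not shown.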

File diff suppressed because it is too large Load Diff


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7533",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through 4.12.4",
"version": {
"version_data": [
{
"version_value": "Linux kernel through 4.12.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions."
"value": "A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation."
}
]
},
@ -44,113 +21,204 @@
"description": [
{
"lang": "eng",
"value": "race condition"
"value": "External Control of Critical State Data",
"cweId": "CWE-642"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.2.1.rt56.620.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.1.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.61.3.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.32.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.2.1.rt56.585.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-3927",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"name": "https://patchwork.kernel.org/patch/9755757/",
"url": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/9755757/"
"name": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"name": "100123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100123"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2017:2473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"name": "http://openwall.com/lists/oss-security/2017/08/03/2",
"url": "http://openwall.com/lists/oss-security/2017/08/03/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/08/03/2"
"name": "http://openwall.com/lists/oss-security/2017/08/03/2"
},
{
"name": "RHSA-2017:2585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"name": "https://patchwork.kernel.org/patch/9755753/",
"url": "http://www.debian.org/security/2017/dsa-3927",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/9755753/"
"name": "http://www.debian.org/security/2017/dsa-3927"
},
{
"name": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e",
"url": "http://www.debian.org/security/2017/dsa-3945",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
"name": "http://www.debian.org/security/2017/dsa-3945"
},
{
"name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7",
"refsource": "MISC",
"url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html"
"name": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "DSA-3945",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "1039075",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039075"
},
{
"name": "RHSA-2017:2770",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
"name": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "RHSA-2017:2869",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2869"
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
"url": "http://www.securityfocus.com/bid/100123",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100123"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
"url": "http://www.securitytracker.com/id/1039075",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1039075"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
"url": "https://access.redhat.com/errata/RHSA-2017:2473",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2473"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2585",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2585"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2669",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2770",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2770"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2869",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2869"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7533",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7533"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
},
{
"url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
},
{
"url": "https://patchwork.kernel.org/patch/9755753/",
"refsource": "MISC",
"name": "https://patchwork.kernel.org/patch/9755753/"
},
{
"url": "https://patchwork.kernel.org/patch/9755757/",
"refsource": "MISC",
"name": "https://patchwork.kernel.org/patch/9755757/"
},
{
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html",
"refsource": "MISC",
"name": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrew Aday (Columbia University), Fan Wu (The University of Hong Kong), Leilei Lin (Alibaba Group), Shankara Pailoor (Columbia University), and Shixiong Zhao (The University of Hong Kong) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
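Review bot: The new `problemtype` value `External Control of Critical State Data` / `CWE-642` does not match the defect the description gives, which is a race between inotify_handle_event() and vfs_rename() that corrupts slab data. The free-text value it appears to replace was `race condition`; CWE-362 is the taxonomy entry for that class, so `"cweId": "CWE-362"` would keep the record searchable by the weakness the text describes. If CWE-642 is intentional, the description should say which state data is externally controlled.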


@ -1,109 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7562",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "krb5",
"version": {
"version_data": [
{
"version_value": "1.16.1"
}
]
}
}
]
},
"vendor_name": "MIT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
"value": "An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
"value": "Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.15.1-18.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2"
"url": "http://www.securityfocus.com/bid/100511",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100511"
},
{
"name": "100511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100511"
"url": "https://access.redhat.com/errata/RHSA-2018:0666",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"name": "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196"
"url": "https://access.redhat.com/security/cve/CVE-2017-7562",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7562"
},
{
"name": "https://github.com/krb5/krb5/pull/694",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485510",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485510"
},
{
"name": "RHSA-2018:0666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0666"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562"
},
{
"name": "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d"
"url": "https://github.com/krb5/krb5/pull/694",
"refsource": "MISC",
"name": "https://github.com/krb5/krb5/pull/694"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562"
"url": "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196",
"refsource": "MISC",
"name": "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196"
},
{
"url": "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2",
"refsource": "MISC",
"name": "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2"
},
{
"url": "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d",
"refsource": "MISC",
"name": "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
}
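Review bot: The upstream fix boundary is lost: the description no longer says `before 1.16.1`, and `affects` now lists only the Red Hat Enterprise Linux 7 build `0:1.15.1-18.el7`, so nothing in the record tells a non-RHEL krb5 user which release carries the fix. I would keep the bound in the text, `...krb5's certauth interface before 1.16.1 handled the validation of client certificates.` The record also appears to drop the `CWE-295` problemtype entry and keep only `CWE-287`, although the flaw is described as a client-certificate validation issue. The same loss of upstream version information shows in CVE-2017-7502 (`since 3.24.0`) and CVE-2017-7533 (`through 4.12.4`).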


@ -1,96 +1,149 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10841",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
"value": "A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.6/CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288"
"value": "Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.11.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.11.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.10.el7rhgs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841"
"url": "https://access.redhat.com/errata/RHSA-2018:1954",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1954"
},
{
"name": "RHSA-2018:1955",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1955"
"url": "https://access.redhat.com/errata/RHSA-2018:1955",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1955"
},
{
"name": "https://review.gluster.org/#/c/20328/",
"refsource": "CONFIRM",
"url": "https://review.gluster.org/#/c/20328/"
"url": "https://access.redhat.com/security/cve/CVE-2018-10841",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10841"
},
{
"name": "RHSA-2018:1954",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1954"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582043",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1582043"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-06",
"url": "https://security.gentoo.org/glsa/201904-06"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"url": "https://review.gluster.org/#/c/20328/",
"refsource": "MISC",
"name": "https://review.gluster.org/#/c/20328/"
},
{
"url": "https://security.gentoo.org/glsa/201904-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201904-06"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
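Review bot: `problemtype` appears to move from `CWE-288` to the generic `Improper Authentication` / `CWE-287`, which is broader than the scenario in the description (an authenticated TLS client using `--remote-host` to join the trusted storage pool). Keeping the narrower id, `"cweId": "CWE-288"`, would preserve that detail for anyone triaging by weakness class. The rewritten description also still carries the typo `add it self`, which should read `add itself`.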


@ -1,136 +1,156 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10880",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service."
"value": "A flaw was found in the Linux kernel's ext4 filesystem code. A stack-out-of-bounds write in ext4_update_inline_data() is possible when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3821-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3821-1/"
"url": "http://patchwork.ozlabs.org/patch/930639/",
"refsource": "MISC",
"name": "http://patchwork.ozlabs.org/patch/930639/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880"
"url": "http://www.securityfocus.com/bid/104907",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/104907"
},
{
"name": "USN-3871-5",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-5/"
"url": "http://www.securityfocus.com/bid/106503",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106503"
},
{
"name": "USN-3871-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-4/"
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"url": "https://access.redhat.com/security/cve/CVE-2018-10880",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10880"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200005",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200005"
},
{
"name": "USN-3821-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3821-2/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596812",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596812"
},
{
"name": "http://patchwork.ozlabs.org/patch/930639/",
"refsource": "CONFIRM",
"url": "http://patchwork.ozlabs.org/patch/930639/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226"
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200005",
"refsource": "CONFIRM",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200005"
"url": "https://usn.ubuntu.com/3821-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3821-1/"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
"url": "https://usn.ubuntu.com/3821-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3821-2/"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
"url": "https://usn.ubuntu.com/3871-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-1/"
},
{
"refsource": "BID",
"name": "104907",
"url": "http://www.securityfocus.com/bid/104907"
"url": "https://usn.ubuntu.com/3871-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-3/"
},
{
"url": "https://usn.ubuntu.com/3871-4/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-4/"
},
{
"url": "https://usn.ubuntu.com/3871-5/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-5/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
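Review bot: The only `version_data` entry on the new side is `0:4.14.0-115.el7a` with `"version_affected": "!"`, which, as I read the CVE JSON 4.0 schema, marks a build as not affected, so the record names no affected version at all. A scanner that matches installed packages against `affects` would report nothing for this CVE, and the description gives no kernel version range to fall back on. An explicit affected range would close the gap, e.g. an entry for the same product with `"version_affected": "<"` and the fixed build as `version_value`, if that reflects the vendor's data. The other Red Hat `affects` blocks in this chunk (CVE-2017-7502, CVE-2017-7533, CVE-2017-7562, CVE-2018-10841, CVE-2018-10881) follow the same pattern.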


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10881",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,104 +15,155 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.2/CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
"url": "https://usn.ubuntu.com/3754-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881"
"url": "http://patchwork.ozlabs.org/patch/929792/",
"refsource": "MISC",
"name": "http://patchwork.ozlabs.org/patch/929792/"
},
{
"name": "http://patchwork.ozlabs.org/patch/929792/",
"refsource": "CONFIRM",
"url": "http://patchwork.ozlabs.org/patch/929792/"
"url": "http://www.securityfocus.com/bid/104901",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/104901"
},
{
"name": "USN-3753-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3753-2/"
"url": "https://access.redhat.com/errata/RHSA-2018:3083",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b"
"url": "https://access.redhat.com/errata/RHSA-2018:3096",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "104901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104901"
"url": "https://access.redhat.com/security/cve/CVE-2018-10881",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10881"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200015",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200015"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596828",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596828"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200015",
"refsource": "CONFIRM",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200015"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
"url": "https://usn.ubuntu.com/3752-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
"url": "https://usn.ubuntu.com/3752-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3753-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3753-1/"
"url": "https://usn.ubuntu.com/3752-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3752-3/"
},
{
"url": "https://usn.ubuntu.com/3753-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3753-1/"
},
{
"url": "https://usn.ubuntu.com/3753-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3753-2/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10902",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,124 +15,214 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.11.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.14.1.el7a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.44.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.46.1.rt56.639.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "USN-3776-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3847-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3847-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name": "USN-3847-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3847-2/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902"
},
{
"name": "USN-3849-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3849-1/"
},
{
"name": "RHSA-2019:0415",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0415"
},
{
"name": "USN-3849-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3849-2/"
},
{
"name": "1041529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041529"
},
{
"name": "DSA-4308",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0",
"url": "https://access.redhat.com/errata/RHSA-2018:3083",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0"
"name": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "USN-3847-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3847-3/"
"url": "https://access.redhat.com/errata/RHSA-2018:3096",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
"url": "http://www.securityfocus.com/bid/105119",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/105119"
},
{
"name": "105119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105119"
"url": "http://www.securitytracker.com/id/1041529",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1041529"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:0641",
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
"url": "https://access.redhat.com/errata/RHSA-2019:0415",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0415"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3217",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
"url": "https://access.redhat.com/errata/RHSA-2019:0641",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0641"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3967",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
"url": "https://access.redhat.com/errata/RHSA-2019:3217",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3967",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10902",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10902"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590720",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1590720"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"url": "https://usn.ubuntu.com/3776-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3776-1/"
},
{
"url": "https://usn.ubuntu.com/3776-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3776-2/"
},
{
"url": "https://usn.ubuntu.com/3847-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3847-1/"
},
{
"url": "https://usn.ubuntu.com/3847-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3847-2/"
},
{
"url": "https://usn.ubuntu.com/3847-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3847-3/"
},
{
"url": "https://usn.ubuntu.com/3849-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3849-1/"
},
{
"url": "https://usn.ubuntu.com/3849-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3849-2/"
},
{
"url": "https://www.debian.org/security/2018/dsa-4308",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4308"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
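Review bot: The rewritten `affects` block names only Red Hat products and marks every version entry with `"version_affected": "!"`, which in the CVE JSON 4.0 format appears to denote a build that is not affected (the fixed package), while the `"product_name": "kernel"` entry looks to be on the removed side. A consumer that matches on product name would stop associating this CVE with non-Red Hat kernels, and one that ignores `version_affected` would report the fixed builds as vulnerable. Keeping a `"product_name": "kernel"` entry with `"version_value": "n/a"` next to the Red Hat entries would preserve the upstream match. In `references`, the entries that look new all carry `"refsource": "MISC"` with the URL repeated as `name`, so advisory identifiers such as `"name": "RHSA-2018:3083"` are no longer available to patch-tracking tools that key on them. The old and new side of each line is inferred from field order here, because the page shows no +/- markers.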



@ -1,41 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-04-18T00:00:00",
"ID": "CVE-2018-1088",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "3.x"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink."
"value": "A privilege escalation flaw was found in gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink."
}
]
},
@ -45,53 +21,182 @@
"description": [
{
"lang": "eng",
"value": "CWE-266"
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.7.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.6.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.7.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.6.el7rhgs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.1-11.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.1-20180426.0",
"version_affected": "!"
},
{
"version_value": "0:1.0.16-0.1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2.0-0.20170814.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-3.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20180508.0",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1137",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1137"
"url": "https://access.redhat.com/errata/RHSA-2018:1524",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1524"
},
{
"name": "RHSA-2018:1275",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1275"
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"name": "RHSA-2018:1524",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1524"
"url": "https://security.gentoo.org/glsa/201904-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721"
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "RHSA-2018:1136",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1136"
"url": "https://access.redhat.com/articles/3414511",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/3414511"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-06",
"url": "https://security.gentoo.org/glsa/201904-06"
"url": "https://access.redhat.com/errata/RHSA-2018:1136",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1136"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0079",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
"url": "https://access.redhat.com/errata/RHSA-2018:1137",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1137"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
"url": "https://access.redhat.com/errata/RHSA-2018:1275",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1275"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1088",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1088"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates between gluster server nodes and clients. \n\nCaveat: This would only mitigate attacks from unauthorized malicious clients. gluster clients allowed by auth.allow or having signed TLS client certificates would still be able to trigger this attack."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by John Strunk (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}