admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 23:02:41 +00:00
parent 4d8a87abfe
commit 4c00973e31
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
17 changed files with 401 additions and 1302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2015/5xxx/CVE-2015-5307.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel."
"value": "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
"value": "n/a"
}
]
}
@ -32,82 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.12.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.65.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.69.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.68.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.40.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.3.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-229.24.2.ael7b",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -301,79 +234,14 @@
"name": "http://xenbits.xen.org/xsa/advisory-156.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2552",
"url": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2552"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2587",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2587"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2636",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2636"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2645",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2645"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0004",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0004"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0024",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0024"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0046"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5307",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5307"
"name": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
},
{
"url": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
}

73
2015/5xxx/CVE-2015-5327.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5327",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151127 CVE-2015-5327 kernel: User triggerable out-of-bounds read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/27/1"
"url": "http://www.openwall.com/lists/oss-security/2015/11/27/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/11/27/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1278978",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278978"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278978",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1278978"
}
]
}

103
2015/6xxx/CVE-2015-6496.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-6496",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-5eb2131441",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174875.html"
"url": "http://bugzilla.netfilter.org/show_bug.cgi?id=910",
"refsource": "MISC",
"name": "http://bugzilla.netfilter.org/show_bug.cgi?id=910"
},
{
"name": "[oss-security] 20150817 Re: CVE request: conntrackd denial of service with unusual network traffic",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/18/1"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174875.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174875.html"
},
{
"name": "https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd",
"refsource": "CONFIRM",
"url": "https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174883.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174883.html"
},
{
"name": "FEDORA-2015-1aee5e6f0b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174883.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00015.html"
},
{
"name": "[oss-security] 20150814 CVE request: conntrackd denial of service with unusual network traffic",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/14/4"
"url": "http://www.debian.org/security/2015/dsa-3341",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3341"
},
{
"name": "openSUSE-SU-2015:1688",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00015.html"
"url": "http://www.openwall.com/lists/oss-security/2015/08/14/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/08/14/4"
},
{
"name": "http://bugzilla.netfilter.org/show_bug.cgi?id=910",
"refsource": "CONFIRM",
"url": "http://bugzilla.netfilter.org/show_bug.cgi?id=910"
"url": "http://www.openwall.com/lists/oss-security/2015/08/18/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/08/18/1"
},
{
"name": "DSA-3341",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3341"
"url": "https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd",
"refsource": "MISC",
"name": "https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd"
}
]
}

79
2015/7xxx/CVE-2015-7497.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
"value": "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.7.6-20.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.1-6.el7_2.2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -120,21 +108,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2834-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2549",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2549"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2550",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2550"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1089"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
"refsource": "MISC",
@ -151,50 +124,14 @@
"name": "http://www.securityfocus.com/bid/79508"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7497",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7497"
"name": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}

58
2016/3xxx/CVE-2016-3738.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges."
"value": "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.2.0.44-1.git.0.a4463d9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.4.7-1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -62,47 +57,6 @@
"url": "https://access.redhat.com/errata/RHSA-2016:1094",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1094"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3738",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3738"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333461",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333461"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by David Eads (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}

121
2016/4xxx/CVE-2016-4037.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4037",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,62 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160418 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/3"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
},
{
"name": "FEDORA-2016-48e72b7bc5",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
},
{
"name": "FEDORA-2016-35d7b09908",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
"url": "http://www.ubuntu.com/usn/USN-2974-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[qemu-devel] 20160418 [PATCH 1/2] ehci: apply limit to itd/sidt descriptors",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "FEDORA-2016-75063477ca",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2"
},
{
"name": "USN-2974-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2974-1"
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/04/18/3"
},
{
"name": "86283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86283"
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/04/18/6"
},
{
"name": "[qemu-devel] 20160418 Re: [PATCH 1/2] ehci: apply limit to itd/sidt descriptors",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html"
"url": "http://www.securityfocus.com/bid/86283",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/86283"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html"
},
{
"name": "[oss-security] 20160418 Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/6"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html"
}
]
}

64
2016/4xxx/CVE-2016-4447.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName"
"value": "The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.7.6-21.el6_8.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.1-6.el7_2.3",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -140,11 +128,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1292"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2957",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2957"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709",
"refsource": "MISC",
@ -200,46 +183,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90864"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4447",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4447"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338686",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1338686"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
}

262
2016/4xxx/CVE-2016-4457.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key allowing for future attacks."
"value": "CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials",
"cweId": "CWE-798"
"value": "n/a"
}
]
}
@ -32,215 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:5.7.3.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:4.1.5-1.el7cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "CloudForms Management Engine 5.8",
"version": {
"version_data": [
{
"version_value": "0:2.2.1.0-2.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:0.1.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.8.0.17-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:19.0.4-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.17-23.el7",
"version_affected": "!"
},
{
"version_value": "0:0.42.0-4.el7",
"version_affected": "!"
},
{
"version_value": "1:1.10.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.4.11-2PGDG.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.0r2-10.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-7.el7",
"version_affected": "!"
},
{
"version_value": "0:0.11-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.1-2.1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.71c-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.6.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.6.5-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.10-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-6.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.9.8-4.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.7.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.8-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:4.1.5-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.18.2-5.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.7-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.3.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.25.0-b10.2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.1-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.3-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.4-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.06-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.14-7.el7cf",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -268,61 +68,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1601"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4457",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4457"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Simon Lukasik (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}
}

193
2016/4xxx/CVE-2016-4470.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation."
"value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Check of Function Return Value",
"cweId": "CWE-253"
"value": "n/a"
}
]
}
@ -32,97 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-642.6.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.75.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.74.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.54.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.35.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.28.2.rt56.234.el7_2",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-327.28.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-229.40.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-327.rt56.194.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -170,21 +88,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1532",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1532"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1539",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1539"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1541",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1541"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
"refsource": "MISC",
@ -381,94 +284,14 @@
"name": "http://www.ubuntu.com/usn/USN-3057-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1657",
"url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1657"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2006",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2006"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2074",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2074"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2076",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2076"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2128",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2128"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2133",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2133"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4470",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4470"
"name": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
},
{
"url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by David Howells (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

67
2016/4xxx/CVE-2016-4471.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4471",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/ManageIQ/manageiq/pull/7856",
"refsource": "CONFIRM",
"url": "https://github.com/ManageIQ/manageiq/pull/7856"
"url": "https://github.com/ManageIQ/manageiq/pull/7856",
"refsource": "MISC",
"name": "https://github.com/ManageIQ/manageiq/pull/7856"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340763",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340763"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340763",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340763"
}
]
}

99
2016/4xxx/CVE-2016-4472.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4472",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716."
"value": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716."
}
]
},
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
"url": "https://security.gentoo.org/glsa/201701-21",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-21"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
"refsource": "MISC",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"
},
{
"name": "USN-3013-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3013-1"
"url": "https://www.tenable.com/security/tns-2016-20",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "91528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91528"
"url": "http://www.securityfocus.com/bid/91528",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91528"
},
{
"name": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
"url": "http://www.ubuntu.com/usn/USN-3013-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3013-1"
},
{
"name": "GLSA-201701-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-21"
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde",
"refsource": "MISC",
"name": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
}
]
}

95
2021/3xxx/CVE-2021-3640.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-416 - Use After Free.",
"cweId": "CWE-362"
}
]
}
@ -32,35 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-425.3.1.rt7.213.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-425.3.1.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:5.14.0-162.6.1.rt21.168.el9_1",
"version_affected": "!"
},
{
"version_value": "0:5.14.0-162.6.1.el9_1",
"version_affected": "!"
"version_affected": "=",
"version_value": "Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above."
}
]
}
@ -73,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3640",
"refsource": "MISC",
@ -93,36 +79,6 @@
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7444",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7444"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7683"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7933",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7933"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8267",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8267"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3640",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3640"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html",
"refsource": "MISC",
@ -133,11 +89,6 @@
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"url": "https://lkml.org/lkml/2021/8/28/238",
"refsource": "MISC",
"name": "https://lkml.org/lkml/2021/8/28/238"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220419-0003/",
"refsource": "MISC",
@ -149,29 +100,5 @@
"name": "https://www.debian.org/security/2022/dsa-5096"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

73
2021/3xxx/CVE-2021-3643.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3643",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "sox 14.4.1"
}
]
@ -30,57 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980626",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980626"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230203 sox: patches for old vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2023/02/03/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230204 Re: sox: patches for old vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2023/02/04/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230205 Re: sox: patches for old vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2023/02/05/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230206 Re: sox: patches for old vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2023/02/06/1"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980626"
}
]
}

68
2021/3xxx/CVE-2021-3644.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3644",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in 16.0.1.Final, 17.0.0.Final and later."
}
]
@ -30,57 +52,37 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3644",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3644",
"url": "https://access.redhat.com/security/cve/CVE-2021-3644"
"name": "https://access.redhat.com/security/cve/CVE-2021-3644"
},
{
"url": "https://issues.redhat.com/browse/WFCORE-5511",
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/WFCORE-5511",
"url": "https://issues.redhat.com/browse/WFCORE-5511"
"name": "https://issues.redhat.com/browse/WFCORE-5511"
},
{
"url": "https://github.com/wildfly/wildfly-core/pull/4668",
"refsource": "MISC",
"name": "https://github.com/wildfly/wildfly-core/pull/4668",
"url": "https://github.com/wildfly/wildfly-core/pull/4668"
"name": "https://github.com/wildfly/wildfly-core/pull/4668"
},
{
"url": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b",
"refsource": "MISC",
"name": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b",
"url": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b"
"name": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b"
},
{
"url": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714",
"refsource": "MISC",
"name": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714",
"url": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity."
"name": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714"
}
]
}

66
2021/3xxx/CVE-2021-3658.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3658",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixedin - 5.61 and above."
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89",
"url": "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89"
"name": "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89"
},
{
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055"
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055"
},
{
"url": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055",
"refsource": "MISC",
"name": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055",
"url": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055"
"name": "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220407-0002/",
"url": "https://security.netapp.com/advisory/ntap-20220407-0002/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers."
"url": "https://security.netapp.com/advisory/ntap-20220407-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220407-0002/"
}
]
}

48
2021/3xxx/CVE-2021-3660.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Rendered UI Layers or Frames",
"value": "CWE-1021 - Improper Restriction of Rendered UI Layers or Frames",
"cweId": "CWE-1021"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "cockpit",
"version": {
"version_data": [
{
"version_value": "0:264.1-1.el8",
"version_affected": "!"
"version_affected": "=",
"version_value": "Fixed in cockpit v254 and later."
}
]
}
@ -54,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980688",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980688"
},
{
"url": "https://github.com/cockpit-project/cockpit/issues/16122",
"refsource": "MISC",
@ -63,39 +68,6 @@
"url": "https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10",
"refsource": "MISC",
"name": "https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:2008",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:2008"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3660",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3660"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980688",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980688"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

86
2021/3xxx/CVE-2021-3667.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Locking",
"value": "CWE-667 (improper Locking)",
"cweId": "CWE-667"
}
]
@ -32,38 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advanced Virtualization for RHEL 8.2.1",
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "8020120210917153657.863bb0db",
"version_affected": "!"
}
]
}
},
{
"product_name": "Advanced Virtualization for RHEL 8.4.0.Z",
"version": {
"version_data": [
{
"version_value": "8040020210922084349.522a0ee4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8050020211001230723.b4937e53",
"version_affected": "!"
"version_affected": "=",
"version_value": "Fixedin - libvert v7.6.0-rc1 and above"
}
]
}
@ -76,36 +54,16 @@
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87",
"refsource": "MISC",
"name": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3703",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3703"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3704",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3704"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4191",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4191"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3667",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3667"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094"
},
{
"url": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87",
"refsource": "MISC",
"name": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
},
{
"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87",
"refsource": "MISC",
@ -122,29 +80,5 @@
"name": "https://security.netapp.com/advisory/ntap-20220331-0005/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
}