"-Synchronized-Data."

CVE Team 2023-02-12 23:02:30 +00:00
parent ea96d54a39
commit 4d8a87abfe
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
57 changed files with 1445 additions and 3958 deletions


@ -1,12 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5278",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -39,6 +39,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before 2.4.0.1"
}
]
@ -53,44 +54,44 @@
"references": {
"reference_data": [
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"url": "http://www.ubuntu.com/usn/USN-2745-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2745-1",
"url": "http://www.ubuntu.com/usn/USN-2745-1"
"name": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/09/15/2",
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
"name": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
}
]
}
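Review bot: `"version_affected": "="` next to `"version_value": "before 2.4.0.1"` describes an exact match on a string that is really an upper bound, so a consumer that compares versions by operator would treat no real release as affected. The hunk header (-39,6 +39,7) suggests the operator line is the one added; the +/- markers did not survive on this page, so that is inferred. Expressing the bound in the operator, `"version_affected": "<"` with `"version_value": "2.4.0.1"`, keeps the range machine-readable. The same `=` operator is paired with `"version_value": "n/a"` in later sections of this commit, where it carries no information either.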


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race-condition flaw was discovered in the OpenStack Image service (glance). When images in the upload state were deleted using a token close to expiration, untracked image data could accumulate in the back end. Because untracked data does not count towards the storage quota, an attacker could use this flaw to cause a denial of service through resource exhaustion."
"value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "n/a"
}
]
}
@ -32,49 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-3.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.1-3.el7ost",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -92,61 +58,21 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1897"
},
{
"url": "http://www.securityfocus.com/bid/76943",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76943"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5286",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5286"
},
{
"url": "https://bugs.launchpad.net/bugs/1498163",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/bugs/1498163"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2015-020.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2015-020.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
}
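Review bot: The problem type, affected products and CVSS data for this record appear to be dropped rather than synchronized: the hunk counts (-21,8 +21,7 and -92,61 +58,21) indicate that `"cweId": "CWE-400"` gives way to `"value": "n/a"`, `vendor_name` becomes `n/a`, and the whole `impact` block is removed. The +/- markers are lost on this page, so the side of each line is inferred from those counts. Tooling that prioritises on CWE or on `vectorString` would have nothing to work with for this ID afterwards; keeping `"value": "Uncontrolled Resource Consumption", "cweId": "CWE-400"` and the `impact.cvss` entry alongside the new description would avoid that. The same pattern shows in the sections that reference CVE-2015-5306, CVE-2016-2847, CVE-2016-2857 and CVE-2016-3070, and in the last three the `credits` arrays go as well.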


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5287",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "RHSA-2015:2505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "38832",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38832/"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "[oss-security] 20151201 CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/01/1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1266837",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1266837"
},
{
"name": "78137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78137"
},
{
"name": "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e",
"refsource": "CONFIRM",
"url": "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/12/01/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/12/01/1"
},
{
"url": "http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html"
},
{
"url": "http://www.securityfocus.com/bid/78137",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/78137"
},
{
"url": "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e",
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e"
},
{
"url": "https://www.exploit-db.com/exploits/38832/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/38832/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1266837",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1266837"
}
]
}
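Review bot: Every reference in the new `reference_data` list carries `"refsource": "MISC"` and a `name` equal to its URL, so the typed entries printed above it (`REDHAT`, `EXPLOIT-DB`, `MLIST`, `CONFIRM`, `BID`) seem to be flattened; with the +/- markers lost, this is inferred from the hunk counts (-50,47 +27,71). Consumers that filter on `refsource` to spot vendor confirmation or a published exploit reference lose that signal for CVE-2015-5287. Keeping the source tag and short name, for example `"name": "RHSA-2015:2505", "refsource": "REDHAT"`, preserves it. The section for CVE-2016-2782 shows the same flattening.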


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell)."
"value": "OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposed Dangerous Method or Function",
"cweId": "CWE-749"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.2.5-2.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.0-8.el7ost",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -75,16 +63,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1929"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2685",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2685"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5306",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5306"
},
{
"url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419",
"refsource": "MISC",
@ -96,30 +74,5 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2782",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,112 +27,136 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "USN-2930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "USN-2967-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"name": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"name": "USN-2930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name": "39539",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39539/"
},
{
"name": "USN-2967-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2930-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "[oss-security] 20160228 Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/28/9"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "USN-2948-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "USN-2948-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-2"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"url": "http://www.ubuntu.com/usn/USN-2929-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2929-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-2930-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2930-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-2930-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"url": "http://www.ubuntu.com/usn/USN-2932-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2948-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2948-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2948-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-2967-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2967-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/02/28/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/02/28/9"
},
{
"url": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"url": "https://www.exploit-db.com/exploits/39539/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39539/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit."
"value": "fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "n/a"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.rt56.420.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.46.1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -114,16 +98,6 @@
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2584",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2584"
},
{
"url": "http://www.debian.org/security/2016/dsa-3503",
"refsource": "MISC",
@ -210,69 +184,14 @@
"name": "http://www.ubuntu.com/usn/USN-2949-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0217",
"url": "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0217"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2847",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2847"
"name": "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313428",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313428"
},
{
"url": "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Tetsuo Handa for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service)."
"value": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
"value": "n/a"
}
]
}
@ -32,126 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-126.el7_3.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-27.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.491.el6_8.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.6.0-28.el7_3.6",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -194,26 +83,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0309",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0309"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0334",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0334"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0344",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0344"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0350",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0350"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html",
"refsource": "MISC",
@ -239,31 +108,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2670",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2670"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2671",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2671"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2704",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2704"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2705",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2705"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2706",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2706"
},
{
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b",
"refsource": "MISC",
@ -288,66 +132,6 @@
"url": "http://www.securityfocus.com/bid/84130",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/84130"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0083",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0083"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2857",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Ling Liu (Qihoo 360 Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0."
"value": "The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.rt56.420.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -73,16 +68,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2584",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2584"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743",
"refsource": "MISC",
@ -128,16 +113,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3037-1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3070",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3070"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846"
},
{
"url": "https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743",
"refsource": "MISC",
@ -147,37 +122,11 @@
"url": "https://security-tracker.debian.org/tracker/CVE-2016-3070",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-3070"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jan Stancek (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846"
}
]
}
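Review bot: The problemtype hunk (`@ -21,8 +21,7 @`) swaps a usable weakness classification for a placeholder: going by the hunk's old/new line counts, `"value": "NULL Pointer Dereference"` and `"cweId": "CWE-476"` are removed and `"value": "n/a"` is what remains. The next hunk does the same to vendor and product, and pairs `"version_affected": "="` with `"version_value": "n/a"`, which literally states that the affected version equals the string n/a. The last hunk drops the `credits` and CVSS 2.0 `impact` blocks, so tooling that matches this CVE-2016-3070 record by CWE, product or score will silently stop matching after the sync. I would keep `"cweId": "CWE-476"` and omit `version_affected` whenever the value is only the `n/a` placeholder. The sections whose references name CVE-2016-3072, CVE-2016-3079, CVE-2016-3097 and CVE-2016-3107 show the same pattern, with CWE-89, CWE-79 and CWE-732 replaced by `n/a`.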


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database."
"value": "Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.1",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.2.0.86-1.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -60,44 +59,14 @@
"name": "https://access.redhat.com/errata/RHSA-2016:1083"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3072",
"url": "https://github.com/Katello/katello/pull/6051",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3072"
"name": "https://github.com/Katello/katello/pull/6051"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322050",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322050"
},
{
"url": "https://github.com/Katello/katello/pull/6051",
"refsource": "MISC",
"name": "https://github.com/Katello/katello/pull/6051"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3076",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html",
"refsource": "CONFIRM",
"url": "http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1321929",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321929"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "98042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98042"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html",
"refsource": "MISC",
"name": "http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html"
},
{
"url": "http://www.securityfocus.com/bid/98042",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/98042"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321929",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1321929"
}
]
}
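Review bot: The references hunk (`@ -50,22 +27,46 @`) appears to flatten every `refsource` to `MISC` and overwrite each `name` with its URL, so the earlier `CONFIRM` and `BID` tags (for example `"name": "98042"` with `"refsource": "BID"`) are lost. Consumers that use `refsource` to tell a vendor confirmation from a third-party tracker entry can no longer make that distinction for CVE-2016-3076. The same flattening shows in the CVE-2016-3077, CVE-2016-3078, CVE-2016-3697 and CVE-2016-3702 sections; in CVE-2016-3078 the `EXPLOIT-DB`, `MLIST` and `SECTRACK` tags go as well, which removes the one field that marked a published exploit for patch prioritisation. I would keep the original tag, e.g. `"refsource": "CONFIRM"` on the pillow release-notes entry, and limit the sync to key reordering.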


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3077",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972"
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1321972"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3078",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "https://bugs.php.net/bug.php?id=71923",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=71923"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "[oss-security] 20160428 CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/28/1"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-3078",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-3078"
},
{
"name": "39742",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39742/"
},
{
"name": "https://php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "https://php.net/ChangeLog-7.php"
},
{
"name": "1035701",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035701"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2016/04/28/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/04/28/1"
},
{
"url": "http://www.securitytracker.com/id/1035701",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035701"
},
{
"url": "https://bugs.php.net/bug.php?id=71923",
"refsource": "MISC",
"name": "https://bugs.php.net/bug.php?id=71923"
},
{
"url": "https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1",
"refsource": "MISC",
"name": "https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1"
},
{
"url": "https://php.net/ChangeLog-7.php",
"refsource": "MISC",
"name": "https://php.net/ChangeLog-7.php"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-3078",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-3078"
},
{
"url": "https://www.exploit-db.com/exploits/39742/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39742/"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM)."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.3.8-134.el6sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -59,16 +58,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0590.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0590",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0590"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3079",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3079"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320444",
"refsource": "MISC",
@ -79,11 +68,6 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1320452"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320940",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1320940"
},
{
"url": "https://github.com/spacewalkproject/spacewalk/commit/7920542f",
"refsource": "MISC",
@ -103,37 +87,11 @@
"url": "https://github.com/spacewalkproject/spacewalk/commit/b6491eba",
"refsource": "MISC",
"name": "https://github.com/spacewalkproject/spacewalk/commit/b6491eba"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jan Huta\u0159 (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320940",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1320940"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed group names. An attacker can embed HTML and Javascript in the values for group names in Satellite, allowing them to inject malicious content into the web page that is then displayed when viewing the snapshot data."
"value": "Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.3.8-147.el6sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -59,66 +58,11 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1484.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1484",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1484"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3097",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3097"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322747",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322747"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jan Huta\u0159 (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file."
"value": "The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the \"/etc/pki/pulp/nodes/\" directory, which allows local users to gain access to sensitive data."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
"value": "n/a"
}
]
}
@ -32,547 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.2 for RHEL 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el6sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el6",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-9.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el6",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.10.0-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "1:1.3.6-27.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-18.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 6.2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8-3.el7",
"version_affected": "!"
},
{
"version_value": "0:2016.5-3.atomic.el7",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -595,56 +63,20 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2016:1501"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3107",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3107"
},
{
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1146471",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1146471"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325930",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325930"
},
{
"url": "https://pulp.plan.io/issues/1833",
"refsource": "MISC",
"name": "https://pulp.plan.io/issues/1833"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeremy Cline (Red Hat) and Randy Barlow (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325930",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325930"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3697",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "RHSA-2016:1034",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1034.html"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "https://github.com/opencontainers/runc/releases/tag/v0.1.0",
"refsource": "CONFIRM",
"url": "https://github.com/opencontainers/runc/releases/tag/v0.1.0"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "openSUSE-SU-2016:1417",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html"
},
{
"name": "https://github.com/docker/docker/issues/21436",
"refsource": "CONFIRM",
"url": "https://github.com/docker/docker/issues/21436"
},
{
"name": "https://github.com/opencontainers/runc/pull/708",
"refsource": "CONFIRM",
"url": "https://github.com/opencontainers/runc/pull/708"
},
{
"name": "RHSA-2016:2634",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2634.html"
},
{
"name": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091",
"refsource": "CONFIRM",
"url": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091"
},
{
"name": "GLSA-201612-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-28"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1034.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1034.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2634.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2634.html"
},
{
"url": "https://github.com/docker/docker/issues/21436",
"refsource": "MISC",
"name": "https://github.com/docker/docker/issues/21436"
},
{
"url": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091"
},
{
"url": "https://github.com/opencontainers/runc/pull/708",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/pull/708"
},
{
"url": "https://github.com/opencontainers/runc/releases/tag/v0.1.0",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/releases/tag/v0.1.0"
},
{
"url": "https://security.gentoo.org/glsa/201612-28",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201612-28"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3702",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330179",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330179"
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330179",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330179"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3706",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "openSUSE-SU-2016:1779",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "88440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88440"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
},
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "openSUSE-SU-2016:1527",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
},
{
"name": "102073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102073"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "MISC",
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"url": "http://www.securityfocus.com/bid/102073",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/102073"
},
{
"url": "http://www.securityfocus.com/bid/88440",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/88440"
},
{
"url": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
},
{
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9",
"refsource": "MISC",
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
}
]
}
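Review bot: The glibc gitweb reference at the end of `reference_data` has its `;` percent-encoded as `gitweb.cgi?p=glibc.git%3Bh=4ab2ab03...`, while the entry it appears to replace used `p=glibc.git;h=...`. gitweb uses `;` as a parameter separator, so the encoded form probably passes the whole string as the project name and the link to the fix commit stops resolving. The value should keep the literal separator, `"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"`, with `name` matching it.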


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and requires elevated privileges to be configured."
"value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.22.2.rt56.230.el7_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-327.rt56.190.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -95,41 +83,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1341"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3707",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3707"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
}
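Review bot: The affected-product data that replaces the Red Hat entries reads `"version_affected": "="` with `"version_value": "n/a"`, which says that a version equal to "n/a" is affected and gives a version matcher nothing to compare against. The entries it appears to replace (sides inferred from the hunk counts) carried fixed package versions marked `"!"`, such as `0:3.10.0-327.22.2.rt56.230.el7_2`, and the record also loses its `impact.cvss` block with base score 7.1. Where no version is known, leaving out `version_affected` (if the 4.0 schema allows it) is less misleading than `=`, and consumers should read `n/a` as unknown rather than as not affected. The same `=`/`n/a` pair is written in every other section on this page, and the CVE-2016-3708, -3711, -3712, -3716 and -3717 sections lose their version and CVSS data the same way.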


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it."
"value": "Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.2.0.44-1.git.0.a4463d9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.4.7-1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -62,47 +57,6 @@
"url": "https://access.redhat.com/errata/RHSA-2016:1094",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1094"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3708",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3708"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331229",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1331229"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Ben Parees (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3710",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,117 +27,141 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-179.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-179.html"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "RHSA-2016:0999",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0999.html"
},
{
"name": "90316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90316"
},
{
"name": "RHSA-2016:0725",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0725.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1000",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1000.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "http://support.citrix.com/article/CTX212736",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "RHSA-2016:1002",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1002.html"
},
{
"name": "RHSA-2016:1001",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1001.html"
},
{
"name": "RHSA-2016:0997",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0997.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"name": "1035794",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035794"
},
{
"name": "RHSA-2016:1943",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
},
{
"name": "RHSA-2016:1019",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1019.html"
},
{
"name": "USN-2974-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160509 CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/3"
},
{
"name": "RHSA-2016:0724",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0724.html"
},
{
"name": "[Qemu-devel] 20160509 [PULL 1/5] vga: fix banked access bounds checking (CVE-2016-3710)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html"
},
{
"name": "RHSA-2016:1224",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1224"
},
{
"name": "DSA-3573",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3573"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://www.ubuntu.com/usn/USN-2974-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0724.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0724.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0725.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0725.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0997.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0997.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0999.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0999.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1000.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1000.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1001.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1001.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1002.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1002.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1019.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1019.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
},
{
"url": "http://support.citrix.com/article/CTX212736",
"refsource": "MISC",
"name": "http://support.citrix.com/article/CTX212736"
},
{
"url": "http://www.debian.org/security/2016/dsa-3573",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3573"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/09/3"
},
{
"url": "http://www.securityfocus.com/bid/90316",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90316"
},
{
"url": "http://www.securitytracker.com/id/1035794",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035794"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-179.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-179.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1224",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1224"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name \"OPENSHIFT_[namespace]_SERVERID\" was set, which contained the internal IP address of a pod."
"value": "HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.0.20-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.8-2.el7aos",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -63,46 +58,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3711",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3711"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322718",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322718"
},
{
"url": "https://github.com/openshift/origin/pull/8334",
"refsource": "MISC",
"name": "https://github.com/openshift/origin/pull/8334"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance."
"value": "Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.503.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-126.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -80,11 +68,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2585.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2585",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2585"
},
{
"url": "http://support.citrix.com/article/CTX212736",
"refsource": "MISC",
@ -120,57 +103,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90314"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0621",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0621"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3712",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3712"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318712",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318712"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:P",
"version": "2.0"
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to move arbitrary files."
"value": "The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -130,11 +118,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
@ -155,52 +138,11 @@
"refsource": "MISC",
"name": "https://www.imagemagick.org/script/changelog.php"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3716",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3716"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332504",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332504"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
}
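Review bot: The last hunk of this section drops the `work_around` entry, the only place in the record that described the ImageMagick `policy.xml` mitigation (denying the `MSL`, `MVG`, `LABEL` and related coders); the side assignment is inferred from the hunk counts. The new description names the MSL coder and the fixed versions, but a reader who cannot upgrade is left without the mitigation or the pointer to `https://access.redhat.com/security/vulnerabilities/2296071`. Keeping that URL as a `reference_data` entry would retain the guidance without the vendor-specific text. The CVE-2016-3717 section removes the same block.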


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files."
"value": "The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -135,11 +123,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
@ -164,47 +147,6 @@
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3717",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3717"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332505",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332505"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images."
"value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -135,11 +123,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
@ -164,47 +147,6 @@
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3718",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3718"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332802",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332802"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
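Review bot: The new affects block in this CVE-2016-3718 record carries no matchable product data: `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_affected": "="` with `"version_value": "n/a"`, while the replacement description names ImageMagick "before 6.9.3-10 and 7.x before 7.0.1-1". A scanner or inventory matcher that reads only the structured fields will not associate this SSRF record with ImageMagick, so at least `"product_name": "ImageMagick"` and the version bounds from the description should be carried in `version_data`. The last hunk also appears to drop the `work_around` entry (the policy.xml coder restrictions) along with the Red Hat advisory references, so the mitigation text is no longer reachable from this record. The Foreman section (CVE-2016-3728) has the same `n/a` affects block against a description that states "before 1.10.4 and 1.11.x before 1.11.2".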


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the \u201cvariant\u201d parameter in the TFTP API of Foreman was passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user."
"value": "Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,547 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.2 for RHEL 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el6sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el6",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-9.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el6",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.10.0-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "1:1.3.6-27.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-18.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 6.2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8-3.el7",
"version_affected": "!"
},
{
"version_value": "0:2016.5-3.atomic.el7",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -605,52 +73,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/19/2"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3728",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3728"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333378",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333378"
},
{
"url": "https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7",
"refsource": "MISC",
"name": "https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the Foreman project for reporting this issue. Upstream acknowledges Lukas Zapletal (Red Hat) as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}
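Review bot: The problemtype hunk replaces `"value": "Improper Input Validation"` / `"cweId": "CWE-20"` with `"value": "n/a"`, although the new description calls the flaw an eval injection that allows arbitrary code execution. Triage that groups or prioritises records by CWE will lose this entry; a weakness id that matches the description (CWE-95 is the eval-injection entry) would serve better than either the old generic CWE-20 or `n/a`. The same hunk pattern in the ImageMagick section (CVE-2016-3718) swaps CWE-352 for `n/a` on a record whose description says SSRF. The last hunk also appears to remove the `impact.cvss` block, so the record no longer carries a severity for a remote code execution issue.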


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3737",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "https://www.tenable.com/security/research/tra-2016-22",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-22"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "RHSA-2016:1519",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"name": "1036507",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036507"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/research/tra-2016-22",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2016-22"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"url": "http://www.securitytracker.com/id/1036507",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036507"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618"
}
]
}
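Review bot: Every entry in the rewritten `reference_data` now has `"refsource": "MISC"` and a `name` equal to its `url`, where the old side distinguished `CONFIRM`, `REDHAT` and `SECTRACK` and used short ids such as `RHSA-2016:1519`. Consumers that relied on `refsource` to pick out the vendor-confirmed link or the advisory id can no longer do so from this record and would have to classify by URL host instead. The same flattening shows in the CVE-2017-7554, CVE-2017-7556, CVE-2017-7560, CVE-2021-3527 and CVE-2021-3530 sections.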


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7554",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "RHSA-2017:2674",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
"vendor_name": "n/a",
"product": {
"product_data": [
{
"name": "RHSA-2017:2675",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
"product_name": "n/a",
"version": {
"version_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770"
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2017:2674",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770"
}
]
}


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-09T00:00:00",
"ID": "CVE-2017-7556",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hawtio",
"version": {
"version_data": [
{
"version_value": "up to and including 1.5.3"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "CWE-352",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "hawtio",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to and including 1.5.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480060",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480060"
"url": "http://www.securityfocus.com/bid/100411",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100411"
},
{
"name": "100411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100411"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480060",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480060"
}
]
}
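Review bot: The re-added affects block pairs `"version_affected": "="` with the free-text value `"version_value": "up to and including 1.5.3"`, so the operator says exact match while the value describes a range. A consumer that honours the operator will compare an installed hawtio version against that literal string and never match; the range would need to be an upper bound, e.g. `"version_affected": "<="` with `"version_value": "1.5.3"`. The same pairing appears with `"4.7-rc1 through 4.13"` (CVE-2017-7558), `"all versions"` (CVE-2021-3527), `"GNU Binutils version before and including 2.36"` (CVE-2021-3530) and the Ansible Tower text (CVE-2021-3532, CVE-2021-3533).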


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"value": "CWE-125",
"cweId": "CWE-125"
}
]
@ -32,31 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.5.2.rt56.626.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.5.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.5.2.rt56.592.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "4.7-rc1 through 4.13"
}
]
}
@ -99,16 +84,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1039221"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7558",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7558"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480266",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480266"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558",
"refsource": "MISC",
@ -126,12 +101,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Stefano Brivio (Red Hat)."
}
],
"impact": {
"cvss": [
{
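Review bot: The problemtype hunk turns `"value": "Out-of-bounds Read"` into `"value": "CWE-125"`, which now only repeats the `cweId` on the following line and drops the readable weakness name. Keeping the name in `value` (`"value": "Out-of-bounds Read"`) and the id in `cweId` serves both human readers and tooling. The krb5 section (CVE-2017-7562) does the same with `"Improper Authentication"`, which is replaced by bare `CWE-295` and `CWE-287` entries.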


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-11T00:00:00",
"ID": "CVE-2017-7560",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rhnsd",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,18 +21,43 @@
"description": [
{
"lang": "eng",
"value": "CWE-377"
"value": "CWE-377",
"cweId": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480550",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480550"
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "rhnsd",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480550",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480550"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
"value": "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
}
]
},
@ -21,7 +21,16 @@
"description": [
{
"lang": "eng",
"value": "Improper Authentication",
"value": "CWE-295",
"cweId": "CWE-295"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-287",
"cweId": "CWE-287"
}
]
@ -32,16 +41,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "MIT",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "krb5",
"version": {
"version_data": [
{
"version_value": "0:1.15.1-18.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "1.16.1"
}
]
}
@ -64,16 +73,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-7562",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7562"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485510",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485510"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562",
"refsource": "MISC",
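Review bot: The new affects entry reads `"version_affected": "="` with `"version_value": "1.16.1"`, but the updated description says the certauth flaw is in krb5 "before 1.16.1". Taken literally, the structured data marks only the fixed release as affected and says nothing about earlier ones, so version-matching tools would miss vulnerable installs and could flag the patched one. Expressing it as `"version_affected": "<"` with `"version_value": "1.16.1"` would agree with the description. The same hunk swaps the Red Hat package entry (`0:1.15.1-18.el7`, marked `!`) for this upstream one, so the distro fixed-package version is no longer in the record.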


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3527",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
@ -30,67 +52,47 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955695",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1955695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955695"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1955695"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/05/05/5",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/05/05/5",
"url": "https://www.openwall.com/lists/oss-security/2021/05/05/5"
"name": "https://www.openwall.com/lists/oss-security/2021/05/05/5"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986",
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986"
"name": "https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c",
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c"
"name": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0008/"
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service."
"url": "https://security.netapp.com/advisory/ntap-20210708-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210708-0008/"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3530",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-674",
"cweId": "CWE-674"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "GNU Binutils version before and including 2.36"
}
]
@ -30,47 +52,27 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423"
},
{
"url": "https://security.gentoo.org/glsa/202208-30",
"refsource": "MISC",
"name": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch",
"url": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch"
"name": "https://security.gentoo.org/glsa/202208-30"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210716-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210716-0006/"
"url": "https://security.netapp.com/advisory/ntap-20210716-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210716-0006/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-30",
"url": "https://security.gentoo.org/glsa/202208-30"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash."
"url": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch",
"refsource": "MISC",
"name": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3532",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ansible Tower 3.7 and Ansible Automation Platform 1.2"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956464",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956464"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956464"
}
]
}
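Review bot: The added `"version_affected": "="` in the `version_data` entry is paired with a free-text `version_value` ("Ansible Tower 3.7 and Ansible Automation Platform 1.2"), so a scanner that takes the operator literally will compare a sentence against installed versions and never match. The same pairing is added in the sections for CVE-2021-3533, CVE-2021-3538, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546, CVE-2021-3548, CVE-2021-3549, CVE-2021-3561, CVE-2021-3563 (`"Not-known"`) and CVE-2021-3585, where `"Fixed in openstack-tripleo-heat-templates-8.4.1"` under `=` reads as if the fixed release were the affected one. I would split the products into separate entries with parseable values, e.g. `"version_affected": "=", "version_value": "3.7"` for Ansible Tower, and use `"?"` where the range is not known. The enclosing `affects` object starts outside this hunk.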


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3533",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ansible Tower 3.7 and Ansible Automation Platform 1.2"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3538",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338",
"cweId": "CWE-338"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All satori/go.uuid versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45"
}
]
@ -30,42 +52,22 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954376",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954376"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954376"
},
{
"url": "https://github.com/satori/go.uuid/issues/73",
"refsource": "MISC",
"name": "https://github.com/satori/go.uuid/issues/73",
"url": "https://github.com/satori/go.uuid/issues/73"
"name": "https://github.com/satori/go.uuid/issues/73"
},
{
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488",
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker."
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3544",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All QEMU versions up to and including 6.0"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958935",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1958935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958935"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1958935"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "DEBIAN",
"name": "DSA-4980",
"url": "https://www.debian.org/security/2021/dsa-4980"
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime."
"url": "https://www.debian.org/security/2021/dsa-4980",
"refsource": "MISC",
"name": "https://www.debian.org/security/2021/dsa-4980"
}
]
}
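Review bot: The rewritten `reference_data` entries appear to collapse every `refsource` to `MISC` and replace `name` with a copy of the URL, which drops the advisory identifiers `DSA-4980` and `GLSA-202208-27` and the oss-security subject line. Patch-management tooling that joins CVE records to distribution advisories by those identifiers loses the link and has to parse it back out of the URL. I would keep the typed fields next to the new `url`, e.g. `"refsource": "DEBIAN", "name": "DSA-4980"`. The sections for CVE-2021-3545, CVE-2021-3546, CVE-2021-3549 and CVE-2021-3561 show the same pattern.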


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3545",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908->CWE-200",
"cweId": "CWE-908"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All QEMU versions up to and including 6.0"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908->CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958955",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1958955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958955"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1958955"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "DEBIAN",
"name": "DSA-4980",
"url": "https://www.debian.org/security/2021/dsa-4980"
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host."
"url": "https://www.debian.org/security/2021/dsa-4980",
"refsource": "MISC",
"name": "https://www.debian.org/security/2021/dsa-4980"
}
]
}
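Review bot: The added `"cweId": "CWE-908"` keeps only the first half of the `"CWE-908->CWE-200"` chain in the `problemtype` description, so the information-disclosure consequence is not machine-readable. A consumer filtering on `cweId` for CWE-200 will miss this record even though the description states that a guest can leak host memory. I would add a second description entry, `{"lang": "eng", "value": "CWE-200", "cweId": "CWE-200"}`, rather than leave the chain in free text.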


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3546",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All QEMU versions up to and including 6.0"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958978",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1958978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958978"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1958978"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "DEBIAN",
"name": "DSA-4980",
"url": "https://www.debian.org/security/2021/dsa-4980"
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process."
"url": "https://www.debian.org/security/2021/dsa-4980",
"refsource": "MISC",
"name": "https://www.debian.org/security/2021/dsa-4980"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3548",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "dmg2img through 20170502"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959585",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1959585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959585"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1959585"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3549",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "GNU binutils version 2.36"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-30",
"url": "https://security.gentoo.org/glsa/202208-30"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability."
"url": "https://security.gentoo.org/glsa/202208-30",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-30"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3561",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "fig2dev 3.2.8a"
}
]
@ -30,57 +52,37 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/mcj/tickets/116/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/mcj/tickets/116/",
"url": "https://sourceforge.net/p/mcj/tickets/116/"
"name": "https://sourceforge.net/p/mcj/tickets/116/"
},
{
"url": "https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/",
"url": "https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/"
"name": "https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955675",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1955675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955675"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1955675"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-dab56300b1",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4/"
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-b71f405f40",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211004 [SECURITY] [DLA 2778-1] fig2dev security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKMOIQX6GULVSYXLYW5JQY6KJNTWV3E4/"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3563",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 - Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Not-known"
}
]
@ -30,47 +52,27 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 - Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.launchpad.net/ossa/+bug/1901891",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ossa/+bug/1901891",
"url": "https://bugs.launchpad.net/ossa/+bug/1901891"
"name": "https://bugs.launchpad.net/ossa/+bug/1901891"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3563",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3563",
"url": "https://access.redhat.com/security/cve/CVE-2021-3563"
"name": "https://access.redhat.com/security/cve/CVE-2021-3563"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3563",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-3563",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3563"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity."
"name": "https://security-tracker.debian.org/tracker/CVE-2021-3563"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system."
"value": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Double Free",
"value": "CWE-415",
"cweId": "CWE-415"
}
]
@ -32,35 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-1160.59.1.rt56.1200.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1160.59.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-348.rt7.130.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-348.el8",
"version_affected": "!"
"version_affected": "=",
"version_value": "All Linux kernel versions starting from 3.13"
}
]
}
@ -73,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/05/25/1",
"refsource": "MISC",
@ -88,16 +74,6 @@
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4140",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4140"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4356",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4356"
},
{
"url": "http://www.openwall.com/lists/oss-security/2021/05/25/1",
"refsource": "MISC",
@ -107,56 +83,6 @@
"url": "http://www.openwall.com/lists/oss-security/2021/06/01/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/06/01/2"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:0620",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:0620"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:0622",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:0622"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3564",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3564"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank HaoXiong, LinMa (ckSec) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}
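Review bot: The last hunk (`@ -107,56 +83,6 @`) removes the whole `impact.cvss` block, the `work_around` and `credits` entries and the RHSA errata references without a replacement, so the record for CVE-2021-3564 ends up with no severity vector and no link to a fixed package. The `affects` hunk likewise appears to swap the per-product fixed builds (`"version_affected": "!"`) for `"All Linux kernel versions starting from 3.13"` under `=`, which gives no upper bound. If the sync is meant to restore the assigner's original record, I would at least carry over `"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"` and the errata URLs. The CVE-2021-3575 section drops its `impact` block the same way.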


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG."
"value": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "OpenJPEG",
"version": {
"version_data": [
{
"version_value": "0:2.4.0-4.el8",
"version_affected": "!"
"version_affected": "=",
"version_value": "Afeects v2.4.0 and prior."
}
]
}
@ -54,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"url": "https://github.com/uclouvain/openjpeg/issues/1347",
"refsource": "MISC",
@ -64,21 +69,6 @@
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2021-3575"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4251",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4251"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3575",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3575"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/",
"refsource": "MISC",
@ -90,23 +80,5 @@
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
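Review bot: The new `version_value` in the `affects` hunk is misspelled and is prose rather than a version: `"Afeects v2.4.0 and prior."` under `"version_affected": "="`. A matcher cannot compare that string with an installed OpenJPEG version, and the entry it replaces appears to have carried the fixed build `0:2.4.0-4.el8`. I would write `"version_affected": "<=", "version_value": "2.4.0"`.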


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3585",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in openstack-tripleo-heat-templates-8.4.1"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247"
},
{
"url": "https://bugs.launchpad.net/tripleo/+bug/1931132",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/tripleo/+bug/1931132",
"url": "https://bugs.launchpad.net/tripleo/+bug/1931132"
"name": "https://bugs.launchpad.net/tripleo/+bug/1931132"
},
{
"url": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988",
"refsource": "MISC",
"name": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988",
"url": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988"
"name": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3585",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3585",
"url": "https://access.redhat.com/security/cve/CVE-2021-3585"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager."
"name": "https://access.redhat.com/security/cve/CVE-2021-3585"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3589",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 - Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Affects foreman_ansible-2.0.0 and above."
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 - Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3589",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3589",
"url": "https://access.redhat.com/security/cve/CVE-2021-3589"
"name": "https://access.redhat.com/security/cve/CVE-2021-3589"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969265",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969265"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969265"
}
]
}
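Review bot: `"version_affected": "="` is added next to a free-text `version_value` (`"Affects foreman_ansible-2.0.0 and above."`), so the operator claims an exact match while the value is a sentence describing a range. A consumer that honours the operator will compare installed versions against that literal string and report nothing as affected. The same pairing appears in the CVE-2021-3585, CVE-2021-3590, CVE-2021-3609, CVE-2021-3611, CVE-2021-3620, CVE-2021-3632, CVE-2021-3638 and CVE-2021-3639 sections, and where the text reads `"Fixed in v15.1.0"` or `"Fixed in v0.18.0"` an `=` reading would flag the fixed release as the vulnerable one. Where the range is known it is better stated structurally, for example `"version_affected": ">="` with `"version_value": "2.0.0"`, and `"?"` used when only prose is available.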


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3590",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Affects foreman-1.6.0 onwards"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969258",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969258"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969258"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3590",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3590",
"url": "https://access.redhat.com/security/cve/CVE-2021-3590"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
"name": "https://access.redhat.com/security/cve/CVE-2021-3590"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges."
"value": ".A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
@ -32,57 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-305.12.1.rt7.84.el8_4",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-305.12.1.el8_4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-147.54.2.el8_1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-193.64.1.rt13.115.el8_2",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-193.64.1.el8_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.4.7-20210804.0.el8_4",
"version_affected": "!"
"version_affected": "=",
"version_value": "Affects kernel v2.6.25 to v5.13-rc6"
}
]
}
@ -95,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/06/19/1",
"refsource": "MISC",
@ -110,96 +74,11 @@
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3044",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3044"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3057",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3057"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3088",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3088"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3235",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3235"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3363",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3363"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3375",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3375"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3380",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3380"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3442",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3442"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3444",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3444"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3609",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3609"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220419-0004/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220419-0004/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "As the CAN module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install can-bcm /bin/true\" >> /etc/modprobe.d/disable-can-bcm.conf\n\nThe system will need to be restarted if the CAN modules are loaded. In most circumstances, the CAN kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Norbert Slusarek for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
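Review bot: The new side of this record appears to drop the `impact.cvss` block (base score 7, `CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H`), the `work_around` text on blocking the can-bcm module from loading, the `credits` entry and the RHSA errata references; the last hunk header shrinks the tail of the file from 96 lines to 11. Anyone triaging from this file alone loses the severity rating and the only documented mitigation, so these fields should be preserved by the synchronization or their removal confirmed as intended. The CVE-2021-3611, CVE-2021-3620 and CVE-2021-3639 sections lose their `impact` blocks in the same way. Separately, the rewritten description value seems to begin with a stray period (`".A flaw was found ..."`), which should be removed.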


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability."
"value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
"value": "CWE-119",
"cweId": "CWE-119"
}
]
}
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "17:7.0.0-13.el9",
"version_affected": "!"
"version_affected": "=",
"version_value": "QEMU versions prior to 7.0.0"
}
]
}
@ -54,26 +54,16 @@
},
"references": {
"reference_data": [
{
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7967",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7967"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3611",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3611"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542",
"refsource": "MISC",
@ -85,29 +75,5 @@
"name": "https://security.netapp.com/advisory/ntap-20220624-0001/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
]
}
}
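Review bot: The problem type appears to change from `"Out-of-bounds Write"` with `CWE-787` to a bare `"value": "CWE-119"`, which is less specific and lacks the descriptive name that the other records in this commit carry in the form `CWE-NNN - Name`. CWE-119 is a class-level weakness, so weakness-based filtering becomes coarser for a record whose description still speaks of a stack overflow. If CWE-119 is what the CNA intends, the value would read more consistently as `"CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer"`; otherwise the CWE-787 mapping should be kept.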


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Generation of Error Message Containing Sensitive Information",
"value": "CWE-209 - Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
@ -32,109 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Ansible Automation Platform 2.0 for RHEL 8",
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "0:2.9.27-1.el8ap",
"version_affected": "!"
},
{
"version_value": "0:2.11.6-1.el8ap",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Engine 2.9 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.27-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Engine 2.9 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "0:2.9.27-1.el8ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Engine 2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.9.27-1.el7ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Engine 2 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "0:2.9.27-1.el8ae",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:2.9.27-1.el8ae",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.el8ev",
"version_affected": "!"
},
{
"version_value": "0:4.4.9-202111172338_8.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:1.6.5-1.el8ev",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization Engine 4.4",
"version": {
"version_data": [
{
"version_value": "0:2.9.27-1.el8ae",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.el8ev",
"version_affected": "!"
"version_affected": "=",
"version_value": "Fixed in Ansible Engine v2.9.27"
}
]
}
@ -147,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767"
},
{
"url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes",
"refsource": "MISC",
@ -156,65 +68,6 @@
"url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0",
"refsource": "MISC",
"name": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3871",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3871"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3872",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3872"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3874",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3874"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4703",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4703"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4750",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4750"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3620",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3620"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Dalton Rardin for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3624",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20->CWE-190->CWE-787",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "dcraw 9.28-2"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20->CWE-190->CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system."
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761"
}
]
}
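Review bot: The added `"cweId": "CWE-20"` keeps only the first link of the chain written in `"value": "CWE-20->CWE-190->CWE-787"`, and it is the most generic of the three. Tools that index on `cweId` will file this integer-overflow record under improper input validation and miss CWE-190 and CWE-787 entirely. Since `description` is an array, the chain can be expressed as three entries, each with its own `value` and `cweId`, for example `{"lang": "eng", "value": "CWE-190 - Integer Overflow or Wraparound", "cweId": "CWE-190"}`.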


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3632",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 - Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in v15.1.0"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 - Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://issues.redhat.com/browse/KEYCLOAK-18500",
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/KEYCLOAK-18500",
"url": "https://issues.redhat.com/browse/KEYCLOAK-18500"
"name": "https://issues.redhat.com/browse/KEYCLOAK-18500"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3632",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3632",
"url": "https://access.redhat.com/security/cve/CVE-2021-3632"
"name": "https://access.redhat.com/security/cve/CVE-2021-3632"
},
{
"url": "https://github.com/keycloak/keycloak/pull/8203",
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/pull/8203",
"url": "https://github.com/keycloak/keycloak/pull/8203"
"name": "https://github.com/keycloak/keycloak/pull/8203"
},
{
"url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4",
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4",
"url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow."
"name": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3638",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 - Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Affects qemu v4.0 to v6.1"
}
]
@ -30,57 +52,37 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 - Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979858",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1979858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979858"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1979858"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3638",
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2021-3638",
"url": "https://ubuntu.com/security/CVE-2021-3638"
"name": "https://ubuntu.com/security/CVE-2021-3638"
},
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html"
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220407-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220407-0003/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-22b1f8dae2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-c8a60f6f80",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."
"url": "https://security.netapp.com/advisory/ntap-20220407-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220407-0003/"
}
]
}
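Review bot: The reference rewrite appears to replace the `FEDORA` and `CONFIRM` `refsource` tags with `MISC` and to overwrite each `name` with a copy of the URL, so the advisory identifiers `FEDORA-2022-22b1f8dae2` and `FEDORA-2023-c8a60f6f80` no longer appear anywhere in the record. Searching or correlating by advisory ID will stop matching this CVE, so the identifier should be kept in `name` even if `refsource` is normalized. The `@` in the mailing-list address is also percent-encoded to `%40`, which changes the literal URL string, and consumers that de-duplicate references by exact URL will treat these as new entries.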


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')",
"value": "CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "mod_auth_mellon",
"version": {
"version_data": [
{
"version_value": "0:0.14.0-12.el8.1",
"version_affected": "!"
"version_affected": "=",
"version_value": "Fixed in v0.18.0"
}
]
}
@ -54,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3639",
"refsource": "MISC",
@ -63,34 +68,6 @@
"url": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5",
"refsource": "MISC",
"name": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:1934",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1934"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}