admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 21:02:25 +00:00
parent a327e27148
commit 5017acfadc
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
54 changed files with 3791 additions and 1253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
2016/8xxx/CVE-2016-8650.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8650",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent."
"value": "A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key."
}
]
},
@ -44,73 +21,168 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.16.1.rt56.437.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.16.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.219.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073"
"url": "https://access.redhat.com/errata/RHSA-2018:1854",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
"url": "http://www.securitytracker.com/id/1037968",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037968"
},
{
"name": "20161115 OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/76"
"url": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2017-03-01.html"
},
{
"name": "[oss-security] 20161125 Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/8"
"url": "https://access.redhat.com/errata/RHSA-2017:0931",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0931"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187"
"url": "https://access.redhat.com/errata/RHSA-2017:0932",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
"url": "https://access.redhat.com/errata/RHSA-2017:0933",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0933"
},
{
"name": "RHSA-2017:0932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073"
"url": "http://seclists.org/fulldisclosure/2016/Nov/76",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2016/Nov/76"
},
{
"name": "RHSA-2017:0933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0933"
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/24/8"
},
{
"name": "RHSA-2017:0931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0931"
"url": "http://www.securityfocus.com/bid/94532",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94532"
},
{
"name": "94532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94532"
"url": "https://access.redhat.com/security/cve/CVE-2016-8650",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8650"
},
{
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187"
},
{
"url": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}

349
2016/8xxx/CVE-2016-8657.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8657",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,48 +21,322 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:5.2.0-23.ep5.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:5.2.0-23.ep5.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:2.7.18-6.SP5_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.3.25-19.SP17_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:5.2.21-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.14-2.Final_redhat_2.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.3.8-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.7-1.SP1_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:3.3.9-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "1:4.17.39-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.21-2.Final_redhat_2.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:4.1.4-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.3.17-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.34-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.18-6.SP5_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.3.25-19.SP17_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:5.2.21-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.14-2.Final_redhat_2.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.8-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.7-1.SP1_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:3.3.9-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "1:4.17.39-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.21-2.Final_redhat_2.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:4.1.4-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.3.17-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.34-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.14-2.Final_redhat_2.ep6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.7.18-6.SP5_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.3.25-19.SP17_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.2.21-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.14-2.Final_redhat_2.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.8-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.7-1.SP1_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:3.3.9-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "1:4.17.39-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.21-2.Final_redhat_2.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:4.1.4-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.3.17-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.34-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0828",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0828.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0826.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0826.html"
},
{
"name": "RHSA-2017:0827",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0827.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0827.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0827.html"
},
{
"name": "RHSA-2018:1609",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1609"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0828.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0828.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0829.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0829.html"
},
{
"name": "RHSA-2017:0826",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0826.html"
"url": "http://www.securityfocus.com/bid/96896",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96896"
},
{
"name": "RHSA-2017:0829",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0829.html"
"url": "https://access.redhat.com/errata/RHSA-2017:0826",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0826"
},
{
"name": "96896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96896"
"url": "https://access.redhat.com/errata/RHSA-2017:0827",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0827"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0828",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0828"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0829",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0829"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:1609",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1609"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8657",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8657"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400343",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400343"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

235
2016/8xxx/CVE-2016-8909.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8909",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position."
"value": "CVE-2016-8909 Qemu: audio: intel-hda: infinite loop in processing dma buffer stream"
}
]
},
@ -44,58 +21,204 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/4"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/1"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[qemu-devel] 20161020 [PATCH] audio: intel-hda: check stream entry count during transfer",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/24/1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/24/4"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "http://www.securityfocus.com/bid/93842",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93842"
},
{
"name": "93842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93842"
"url": "https://access.redhat.com/security/cve/CVE-2016-8909",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8909"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank PSIRT (Huawei Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}

235
2016/8xxx/CVE-2016-8910.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8910",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count."
"value": "CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode"
}
]
},
@ -44,58 +21,204 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/5"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93844"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[qemu-devel] 20161024 [PATCH] net: rtl8139: limit processing of ring descript",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html"
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/24/2"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/2"
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/24/5"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "http://www.securityfocus.com/bid/93844",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93844"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "https://access.redhat.com/security/cve/CVE-2016-8910",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8910"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388046",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388046"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrew Henderson (Intelligent Automation Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}

178
2016/9xxx/CVE-2016-9573.json
View File

@ -1,107 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9573",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openjpeg",
"version": {
"version_data": [
{
"version_value": "2.1.2"
}
]
}
}
]
},
"vendor_name": "The OpenJPEG Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap."
"value": "An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.5.1-16.el7_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/862",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/issues/862"
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"refsource": "MISC",
"name": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
"url": "https://security.gentoo.org/glsa/201710-26",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "97073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97073"
"url": "https://www.debian.org/security/2017/dsa-3768",
"refsource": "MISC",
"name": "https://www.debian.org/security/2017/dsa-3768"
},
{
"name": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"refsource": "CONFIRM",
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0838.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0838.html"
},
{
"name": "RHSA-2017:0838",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0838.html"
"url": "http://www.securityfocus.com/bid/97073",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97073"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573"
"url": "https://access.redhat.com/errata/RHSA-2017:0838",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0838"
},
{
"name": "DSA-3768",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3768"
"url": "https://access.redhat.com/security/cve/CVE-2016-9573",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9573"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402711",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402711"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573"
},
{
"url": "https://github.com/uclouvain/openjpeg/issues/862",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/issues/862"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
]
}

249
2016/9xxx/CVE-2016-9576.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9576",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device."
"value": "It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device."
}
]
},
@ -44,108 +21,208 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-696.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.2.1.rt56.585.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:3118",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html"
"url": "https://access.redhat.com/errata/RHSA-2017:2669",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "SUSE-SU-2016:3248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html"
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0"
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "openSUSE-SU-2016:3085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00040.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
},
{
"name": "https://github.com/torvalds/linux/commit/a0ac402cfcdc904f9772e1762b3fda112dcc56a0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/a0ac402cfcdc904f9772e1762b3fda112dcc56a0"
"url": "https://access.redhat.com/errata/RHSA-2017:0817",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0817"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0"
},
{
"name": "SUSE-SU-2016:3188",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00040.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00040.html"
},
{
"name": "openSUSE-SU-2016:3086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00041.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00041.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00041.html"
},
{
"name": "SUSE-SU-2016:3146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html"
},
{
"name": "SUSE-SU-2016:3203",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html"
},
{
"name": "RHSA-2017:0817",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html"
},
{
"name": "SUSE-SU-2016:3217",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html"
},
{
"name": "[oss-security] 20161209 Linux Kernel use-after-free in SCSI generic device interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/19"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/19",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/08/19"
},
{
"name": "94821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94821"
"url": "http://www.securityfocus.com/bid/94821",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94821"
},
{
"name": "SUSE-SU-2016:3252",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html"
"url": "https://access.redhat.com/security/cve/CVE-2016-9576",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9576"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145"
},
{
"url": "https://github.com/torvalds/linux/commit/a0ac402cfcdc904f9772e1762b3fda112dcc56a0",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/a0ac402cfcdc904f9772e1762b3fda112dcc56a0"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

211
2016/9xxx/CVE-2016-9907.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9907",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host."
"value": "CVE-2016-9907 Qemu: usb: redirector: memory leakage when destroying redirector"
}
]
},
@ -44,43 +21,183 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection')",
"cweId": "CWE-244"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "94759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94759"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: usb: redirector: memory leakage when destroying",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/3"
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/08/3"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "http://www.securityfocus.com/bid/94759",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94759"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-9907",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9907"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402265",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402265"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}

133
2017/12xxx/CVE-2017-12168.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12168",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel before 4.9",
"version": {
"version_data": [
{
"version_value": "Linux kernel before 4.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)."
"value": "An assertion failure issue was found in the Linux kernel's KVM hypervisor module built to support visualization on ARM64 architecture platforms. The failure could occur while accessing Performance Monitors Cycle Count Register (PMCCNTR) from a guest. A privileged guest user could use this flaw to crash the host kernel resulting in denial of service."
}
]
},
@ -44,33 +21,107 @@
"description": [
{
"lang": "eng",
"value": "assert failure CWE-617"
"value": "Reachable Assertion",
"cweId": "CWE-617"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.11.0-44.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9"
"url": "https://access.redhat.com/errata/RHEA-2017:3163",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHEA-2017:3163"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984"
"url": "https://access.redhat.com/security/cve/CVE-2017-12168",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12168"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984"
},
{
"url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}

128
2017/12xxx/CVE-2017-12171.json
View File

@ -1,86 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12171",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "httpd",
"version": {
"version_data": [
{
"version_value": "2.2.15-60"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource."
"value": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.2.15-60.el6_9.6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "101516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101516"
"url": "http://www.securityfocus.com/bid/101516",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101516"
},
{
"name": "RHSA-2017:2972",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
"url": "http://www.securitytracker.com/id/1039633",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1039633"
},
{
"name": "1039633",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039633"
"url": "https://access.redhat.com/errata/RHSA-2017:2972",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171"
"url": "https://access.redhat.com/security/cve/CVE-2017-12171",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12171"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank KAWAHARA Masashi for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
}

109
2020/1xxx/CVE-2020-1706.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1706",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/apb-tools. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,61 +36,89 @@
"product": {
"product_data": [
{
"product_name": "openshift/apb-tools-container",
"product_name": "Red Hat OpenShift Container Platform 4.2",
"version": {
"version_data": [
{
"version_value": "openshift-enterprise version 3.11"
},
{
"version_value": "from openshift-enterprise version 4.1 to, including 4.3"
}
]
}
}
]
}
"version_value": "v4.2.34-202005252115",
"version_affected": "!"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"product_name": "Red Hat OpenShift Container Platform 4.3",
"version": {
"version_data": [
{
"lang": "eng",
"value": "CWE-732"
"version_value": "v4.3.24-202006011815",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706",
"refsource": "CONFIRM"
}
]
"url": "https://access.redhat.com/articles/4859371",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container."
"url": "https://access.redhat.com/errata/RHSA-2020:2305",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:2305"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:2442",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:2442"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1706",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1706"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793302",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793302"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
]
}
}

154
2020/1xxx/CVE-2020-1708.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1708",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mysql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,76 +36,121 @@
"product": {
"product_data": [
{
"product_name": "openshift/mysql-apb",
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
"version_data": [
{
"version_value": "openshift-enterprise version 3.11"
},
{
"version_value": "from openshift-enterprise version 4.1 to, including 4.3"
}
]
}
}
]
}
"version_value": "v3.11.188-4",
"version_affected": "!"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"product_name": "Red Hat OpenShift Container Platform 4.1",
"version": {
"version_data": [
{
"lang": "eng",
"value": "CWE-266"
"version_value": "v4.1.37-202003021622",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.2",
"version": {
"version_data": [
{
"version_value": "v4.2.21-202002240343",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.3",
"version": {
"version_data": [
{
"version_value": "v4.3.5-202003020549",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/articles/4859371",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0617",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0617"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0694",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0800",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0800"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1708",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1708"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793299",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793299"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708",
"refsource": "CONFIRM"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0617",
"url": "https://access.redhat.com/errata/RHSA-2020:0617"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0694",
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "eng",
"value": "It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb."
"lang": "en",
"value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
}
]
},
],
"impact": {
"cvss": [
[
{
"vectorString": "7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
]
}
}

105
2020/1xxx/CVE-2020-1722.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1722",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in IPA. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,58 +36,88 @@
"product": {
"product_data": [
{
"product_name": "ipa",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "all ipa versions 4.x.x through 4.8.0"
}
]
}
}
]
}
"version_value": "0:4.6.8-5.el7",
"version_affected": "!"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"lang": "eng",
"value": "CWE-400"
"version_value": "8030020200923172426.05ac3f11",
"version_affected": "!"
},
{
"version_value": "8030020200923172343.9c827e52",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722",
"refsource": "CONFIRM"
}
]
"url": "https://access.redhat.com/errata/RHSA-2020:3936",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3936"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability."
"url": "https://access.redhat.com/errata/RHSA-2020:4670",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4670"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1722",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1722"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Pritam Singh (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
]
}
}

144
2020/1xxx/CVE-2020-1726.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1726",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "The ",
"product": {
"product_data": [
{
"product_name": "podman",
"version": {
"version_data": [
{
"version_value": "from 1.6.0 onwards"
"lang": "eng",
"value": "A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,52 +21,115 @@
"description": [
{
"lang": "eng",
"value": "CWE-552"
"value": "Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8020020200324071414.0d58ad57",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.3",
"version": {
"version_data": [
{
"version_value": "0:1.6.4-7.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0680",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0680"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1650",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1650"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1726",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1726"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801152",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1801152"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726",
"refsource": "CONFIRM"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0680",
"url": "https://access.redhat.com/errata/RHSA-2020:0680"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1552",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1559",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726"
}
]
},
"description": {
"description_data": [
"work_around": [
{
"lang": "eng",
"value": "A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0."
"lang": "en",
"value": "If a volume needs to be attached as read-only to an untrusted container or container image, first attach it to a trusted container. Using the volume for the first time will make the attack impossible for other containers that are going to use the volume."
}
]
},
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Tristan De Cacqueray (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
]
}
}

161
2020/1xxx/CVE-2020-1734.json
View File

@ -1,61 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1734",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Ansible",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734",
"refsource": "CONFIRM"
},
{
"url": "https://github.com/ansible/ansible/issues/67792",
"name": "https://github.com/ansible/ansible/issues/67792",
"refsource": "MISC"
}
]
},
"description": {
"description_data": [
{
@ -64,14 +15,116 @@
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ansible Tower 3.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "1.4.15-28",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ansible Tower 3.5 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "3.5.6-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHBA-2020:0547",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"url": "https://access.redhat.com/errata/RHBA-2020:1539",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:1539"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1734",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1734"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734"
},
{
"url": "https://github.com/ansible/ansible/issues/67792",
"refsource": "MISC",
"name": "https://github.com/ansible/ansible/issues/67792"
}
]
},
"work_around": [
{
"lang": "en",
"value": "This issue can be avoided by escaping variables which are used in the lookup."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Damien Aumaitre (Quarkslab) and Nicolas Surbayrole (Quarkslab) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7.4/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
]
]
}
}

129
2020/1xxx/CVE-2020-1741.json
View File

@ -1,56 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1741",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "openshift-ansible",
"version": {
"version_data": [
{
"version_value": "openshift-ansible-3.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-185"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
@ -59,14 +15,89 @@
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Regular Expression",
"cweId": "CWE-185"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
"version_data": [
{
"version_value": "0:3.11.272-1.git.0.79ab6e9.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2020:3541",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3541"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1741",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1741"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802381",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1802381"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Ensure that the corsAllowedOrigin definition within master-config.yaml contains elements in the form \n\n~~~\ncorsAllowedOrigins:\n- ^(?i)https://my\\.subdomain\\.domain\\.com(:|\\z)\n~~~\n\nand not the form\n\n~~~\ncorsAllowedOrigins:\n- (?i)//my\\.subdomain\\.domain\\.com(:|\\z)\n~~~\n\nas the first will permit cross origin requests only if the host and protocol matches, whereas the second will permit a downgrade to http protocol for example."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
]
}
}

120
2020/25xxx/CVE-2020-25657.json
View File

@ -1,56 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25657",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "m2crypto",
"version": {
"version_data": [
{
"version_value": "All released versions of m2crypto"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1889823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889823"
}
]
},
"description": {
"description_data": [
{
@ -58,5 +14,79 @@
"value": "A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Observable Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Virtualization Engine 4.4",
"version": {
"version_data": [
{
"version_value": "0:4.4.5.9-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2021:1169",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1169"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-25657",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-25657"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889823",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1889823"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}

153
2020/25xxx/CVE-2020-25658.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25658",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "Sybren A. St\u00fcvel",
"product": {
"product_data": [
{
"product_name": "python-rsa",
"version": {
"version_data": [
{
"version_value": "after 3.0 (inclusive)"
"lang": "eng",
"value": "A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,57 +21,135 @@
"description": [
{
"lang": "eng",
"value": "CWE-385"
"value": "Covert Timing Channel",
"cweId": "CWE-385"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ceph Storage 4.3",
"version": {
"version_data": [
{
"version_value": "0:4.8-1.el8cp",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
"version_data": [
{
"version_value": "0:4.5-3.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.7",
"version": {
"version_data": [
{
"version_value": "0:4.7-1.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658",
"refsource": "CONFIRM"
},
{
"url": "https://github.com/sybrenstuvel/python-rsa/issues/165",
"refsource": "MISC",
"name": "https://github.com/sybrenstuvel/python-rsa/issues/165"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-783a157adc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/"
"url": "https://access.redhat.com/errata/RHSA-2020:5634",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:5634"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-c1fef03e71",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/"
"url": "https://access.redhat.com/errata/RHSA-2021:0637",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0637"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-15e50503d6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/"
"url": "https://access.redhat.com/errata/RHSA-2022:1716",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1716"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-25658",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-25658"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "eng",
"value": "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA."
"lang": "en",
"value": "This issue was discovered by Hubert Kario (Red Hat)."
}
]
},
],
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
]
}
}

158
2020/25xxx/CVE-2020-25661.json
View File

@ -1,66 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25661",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel-4.18.0-240.el8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/vulnerabilities/BleedingTooth",
"name": "https://access.redhat.com/security/vulnerabilities/BleedingTooth",
"refsource": "CONFIRM"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661",
"refsource": "CONFIRM"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-12351",
"name": "https://access.redhat.com/security/cve/CVE-2020-12351",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
@ -69,14 +15,108 @@
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-240.1.1.rt7.55.el8_3",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-240.1.1.el8_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2020:4685",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4685"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:4686",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4686"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-12351",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-12351"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-25661",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-25661"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/BleedingTooth",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/BleedingTooth"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891483",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1891483"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\n\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
]
}
}

166
2020/25xxx/CVE-2020-25662.json
View File

@ -1,74 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25662",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel-4.18.0-240.el8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/vulnerabilities/BleedingTooth",
"name": "https://access.redhat.com/security/vulnerabilities/BleedingTooth",
"refsource": "CONFIRM"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662",
"refsource": "CONFIRM"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-12352",
"name": "https://access.redhat.com/security/cve/CVE-2020-12352",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
@ -77,14 +15,108 @@
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Initialization",
"cweId": "CWE-665"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-240.1.1.rt7.55.el8_3",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-240.1.1.el8_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2020:4685",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4685"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:4686",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4686"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-12352",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-12352"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-25662",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-25662"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/BleedingTooth",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/BleedingTooth"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891484",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1891484"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\n\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
]
}
}

196
2020/27xxx/CVE-2020-27820.json
View File

@ -1,76 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27820",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "to be fixed in RHEL-9 release"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/",
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/",
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/",
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"description": {
"description_data": [
{
@ -78,5 +14,135 @@
"value": "A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if \"unbind\" the driver)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-372.9.1.rt7.166.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-372.9.1.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:1975",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:1988",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1988"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-27820",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-27820"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To mitigate this issue, prevent the module nouveau from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeremy Cline (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
}

96
2020/35xxx/CVE-2020-35492.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35492",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "cairo",
"version": {
"version_data": [
{
"version_value": "All cairo versions"
"lang": "eng",
"value": "A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,26 +21,83 @@
"description": [
{
"lang": "eng",
"value": "CWE-121"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:1.15.12-6.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:1961",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396"
"name": "https://access.redhat.com/errata/RHSA-2022:1961"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-35492",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-35492"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396"
}
]
},
"description": {
"description_data": [
"work_around": [
{
"lang": "eng",
"value": "A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability."
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Stephan Bergmann (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

186
2020/35xxx/CVE-2020-35508.json
View File

@ -1,66 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35508",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
},
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948",
"url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210513-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210513-0006/"
}
]
},
"description": {
"description_data": [
{
@ -68,5 +14,135 @@
"value": "A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Initialization",
"cweId": "CWE-665"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-305.rt7.72.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-305.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-193.60.2.rt13.112.el8_2",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-193.60.2.el8_2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:1578",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1578"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:1739",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1739"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2718",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2718"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2719",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2719"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-35508",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-35508"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210513-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210513-0006/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eddy Wu (trendmicro.com) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
}

151
2020/35xxx/CVE-2020-35517.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35517",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "qemu 5.2.0"
"lang": "eng",
"value": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,51 +21,139 @@
"description": [
{
"lang": "eng",
"value": "CWE-269"
"value": "Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Advanced Virtualization for RHEL 8.2.1",
"version": {
"version_data": [
{
"version_value": "8020120210211153838.863bb0db",
"version_affected": "!"
}
]
}
},
{
"product_name": "Advanced Virtualization for RHEL 8.3.1",
"version": {
"version_data": [
{
"version_value": "8030120210211160750.71132145",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8030020210210212009.229f0a1c",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c",
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c",
"url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
"name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/01/22/1",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
"name": "https://www.openwall.com/lists/oss-security/2021/01/22/1"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/01/22/1",
"url": "https://www.openwall.com/lists/oss-security/2021/01/22/1"
"name": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html"
},
{
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html"
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210312-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210312-0002/"
"url": "https://access.redhat.com/errata/RHBA-2021:0639",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2021:0639"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
"url": "https://access.redhat.com/errata/RHSA-2021:0711",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0711"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:0743",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0743"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-35517",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-35517"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210312-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210312-0002/"
},
{
"url": "https://virtio-fs.gitlab.io/",
"refsource": "MISC",
"name": "https://virtio-fs.gitlab.io/"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "eng",
"value": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices."
"lang": "en",
"value": "Red Hat would like to thank Alex Xu (alxu.ca) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

111
2021/20xxx/CVE-2021-20194.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20194",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.2 and higher."
"lang": "eng",
"value": "A flaw buffer overflow in the Linux kernel BPF subsystem was found in the way user running BPF script calling getsockopt. A local user could use this flaw to crash the system or possibly escalate their privileges on the system."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,31 +21,97 @@
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-348.rt7.130.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-348.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2021:4140",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683"
"name": "https://access.redhat.com/errata/RHSA-2021:4140"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210326-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210326-0003/"
"url": "https://access.redhat.com/errata/RHSA-2021:4356",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4356"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20194",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20194"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210326-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210326-0003/"
}
]
},
"description": {
"description_data": [
"work_around": [
{
"lang": "eng",
"value": "There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation."
"lang": "en",
"value": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\n\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Loris Reiff for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

203
2021/20xxx/CVE-2021-20196.json
View File

@ -1,76 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20196",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "vulnerable up to (including) qemu 5.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/qemu/+bug/1912780",
"url": "https://bugs.launchpad.net/qemu/+bug/1912780"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/01/28/1",
"url": "https://www.openwall.com/lists/oss-security/2021/01/28/1"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0004/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
},
"description": {
"description_data": [
{
@ -78,5 +14,142 @@
"value": "A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Advanced Virtualization for RHEL 8.4.0.EUS",
"version": {
"version_data": [
{
"version_value": "8040020220110150817.522a0ee4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Advanced Virtualization for RHEL 8.5.0.Z",
"version": {
"version_data": [
{
"version_value": "8050020220115095224.c5368500",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8060020220408104655.d63f516d",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugs.launchpad.net/qemu/+bug/1912780",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/qemu/+bug/1912780"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/01/28/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/01/28/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:0325",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:0325"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:0397",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:0397"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:1759",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1759"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20196",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20196"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919210",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919210"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210708-0004/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210708-0004/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Gaoning Pan (Zhejiang University & Ant Security Light-Year Lab) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
]
}
}

100
2021/20xxx/CVE-2021-20197.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20197",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.35"
"lang": "eng",
"value": "There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,41 +21,86 @@
"description": [
{
"lang": "eng",
"value": "CWE-59"
"value": "Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:2.30-108.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4364",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945"
"name": "https://access.redhat.com/errata/RHSA-2021:4364"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210528-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210528-0009/"
"url": "https://access.redhat.com/security/cve/CVE-2021-20197",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20197"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-30",
"url": "https://security.gentoo.org/glsa/202208-30"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743"
},
{
"url": "https://security.gentoo.org/glsa/202208-30",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-30"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210528-0009/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210528-0009/"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

158
2021/20xxx/CVE-2021-20221.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20221",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "up to, including qemu 4.2.0"
"lang": "eng",
"value": "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,46 +21,133 @@
"description": [
{
"lang": "eng",
"value": "CWE-125->CWE-787"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Advanced Virtualization for RHEL 8.2.1",
"version": {
"version_data": [
{
"version_value": "8020120210603194525.863bb0db",
"version_affected": "!"
}
]
}
},
{
"product_name": "Advanced Virtualization for RHEL 8.3.1",
"version": {
"version_data": [
{
"version_value": "8030120210325145214.8f6a38fe",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8040020210721215855.522a0ee4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field",
"url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
"name": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0005/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0005/"
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
"url": "http://www.openwall.com/lists/oss-security/2021/02/05/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/02/05/1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:1125",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1125"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2521",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2521"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:3061",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:3061"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20221",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20221"
},
{
"url": "https://bugs.launchpad.net/qemu/+bug/1914353",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/qemu/+bug/1914353"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210708-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210708-0005/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/02/05/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/02/05/1"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
]
}

126
2021/20xxx/CVE-2021-20256.json
View File

@ -1,56 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20256",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite",
"version": {
"version_data": [
{
"version_value": "As shipped in Red Hat Satellite 6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930926"
}
]
},
"description": {
"description_data": [
{
@ -58,5 +14,85 @@
"value": "A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.10 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:6.10.0-3.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2021:4702",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4702"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20256",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20256"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930926",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930926"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Evgeni Golov (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
}

202
2021/20xxx/CVE-2021-20257.json
View File

@ -1,86 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20257",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "Fixed-In v6.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/02/25/2",
"url": "https://www.openwall.com/lists/oss-security/2021/02/25/2"
},
{
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html"
},
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8",
"url": "https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930087"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220425-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-27",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
},
"description": {
"description_data": [
{
@ -88,5 +14,131 @@
"value": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Advanced Virtualization for RHEL 8.5.0.Z",
"version": {
"version_data": [
{
"version_value": "8050020211203164130.c5368500",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8050020211203195115.c5368500",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2021/02/25/2",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/02/25/2"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html"
},
{
"url": "https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8",
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8"
},
{
"url": "https://security.gentoo.org/glsa/202208-27",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:5238",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:5238"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:0081",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:0081"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20257",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20257"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930087",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930087"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220425-0003/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alexander Bulekov, Cheolwoo Myung (Seoul National University), Cornelius Aschermann (Ruhr-University Bochum), Sergej Schumilo (Ruhr-University Bochum), and Simon Werner (Ruhr-University Bochum) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
]
}
}

90
2021/20xxx/CVE-2021-20269.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20269",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"description": {
"description_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kexec-tools",
"version": {
"version_data": [
{
"version_value": "Fedora kexec-tools versions prior to 2.0.21-8 and RHEL kexec-tools versions prior to 2.0.20-47"
"lang": "eng",
"value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
@ -36,26 +21,77 @@
"description": [
{
"lang": "eng",
"value": "CWE-276"
"value": "Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:2.0.20-57.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2021:4404",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
"name": "https://access.redhat.com/errata/RHSA-2021:4404"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20269",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20269"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
}
]
},
"description": {
"description_data": [
"work_around": [
{
"lang": "eng",
"value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47."
"lang": "en",
"value": "The kexec service can be disabled until the kexec-tools package are updated on the system. No reboot is required for these changes to take effect."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

318
2021/20xxx/CVE-2021-20271.json
View File

@ -1,86 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20271",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "rpm",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
},
{
"refsource": "MISC",
"name": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21",
"url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2383d950fd",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-8d52a8a999",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-662680e477",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-43",
"url": "https://security.gentoo.org/glsa/202107-43"
},
{
"refsource": "MISC",
"name": "https://www.starwindsoftware.com/security/sw-20220805-0002/",
"url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
}
]
},
"description": {
"description_data": [
{
@ -88,5 +14,247 @@
"value": "A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.11.3-48.el7_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.11.3-35.el7_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.11.3-35.el7_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:4.11.3-35.el7_6.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.11.3-40.el7_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.11.3-40.el7_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:4.11.3-40.el7_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.14.3-14.el8_4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.14.2-38.el8_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Migration Toolkit for Containers 1.4",
"version": {
"version_data": [
{
"version_value": "v1.4.6-4",
"version_affected": "!"
},
{
"version_value": "v1.4.6-5",
"version_affected": "!"
},
{
"version_value": "v1.4.6-3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21",
"refsource": "MISC",
"name": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
},
{
"url": "https://access.redhat.com/errata/RHBA-2021:2854",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2574"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2791",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2791"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4771",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4771"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4785",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4785"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:4975",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:4975"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20271",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20271"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
},
{
"url": "https://security.gentoo.org/glsa/202107-43",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202107-43"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220805-0002/",
"refsource": "MISC",
"name": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Demi M. Obenour for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

18
2023/25xxx/CVE-2023-25090.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25091.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25092.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25093.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25094.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25095.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25096.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25097.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25098.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25099.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25100.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25101.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25102.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25103.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25104.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25104",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25105.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25106.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25107.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25108.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25109.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25110.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25111.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/25xxx/CVE-2023-25112.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}