admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 15:01:01 +00:00
parent d97dd25d1d
commit 5e307c1471
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 4246 additions and 1394 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
2010/2xxx/CVE-2010-2480.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2480",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element."
"value": "CVE-2010-2480 Python-Mako (prior v0.3.4): Improper escaping of single quotes in escape.cgi (XSS)"
}
]
},
@ -44,33 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.makotemplates.org/CHANGES",
"refsource": "CONFIRM",
"url": "http://www.makotemplates.org/CHANGES"
},
{
"name": "http://bugs.python.org/issue9061",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"refsource": "MISC",
"url": "http://bugs.python.org/issue9061"
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
"url": "http://bugs.python.org/issue9061",
"refsource": "MISC",
"name": "http://bugs.python.org/issue9061"
},
{
"name": "39935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39935"
"url": "http://secunia.com/advisories/39935",
"refsource": "MISC",
"name": "http://secunia.com/advisories/39935"
},
{
"url": "http://www.makotemplates.org/CHANGES",
"refsource": "MISC",
"name": "http://www.makotemplates.org/CHANGES"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-2480",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2480"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609573",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=609573"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
]
}

132
2010/2xxx/CVE-2010-2543.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2543",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b."
"value": "CVE-2009-4032 CVE-2010-2543 cacti: Multiple cross-site scripting flaws"
}
]
},
@ -44,48 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
"url": "http://cacti.net/release_notes_0_8_7g.php",
"refsource": "MISC",
"name": "http://cacti.net/release_notes_0_8_7g.php"
},
{
"name": "[oss-security] 20100722 Cacti XSS fixes in 0.8.7g",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=127978954522586&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=541279",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=541279"
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
},
{
"name": "http://cacti.net/release_notes_0_8_7g.php",
"refsource": "CONFIRM",
"url": "http://cacti.net/release_notes_0_8_7g.php"
"url": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024",
"refsource": "MISC",
"name": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024"
},
{
"name": "[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2"
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6025",
"refsource": "MISC",
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6025"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=6025",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=6025"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
},
{
"name": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024"
"url": "https://access.redhat.com/security/cve/CVE-2010-2543",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2543"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=541279",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=541279"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

310
2012/2xxx/CVE-2012-2734.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2734",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors."
"value": "CVE-2012-2734 cumin: CSRF flaw"
}
]
},
@ -44,43 +21,264 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "MRG for RHEL-5 v. 2",
"version": {
"version_data": [
{
"version_value": "0:7.6.5-0.22.el5",
"version_affected": "!"
},
{
"version_value": "0:4.1.3-1.el5",
"version_affected": "!"
},
{
"version_value": "0:1.23-1.el5",
"version_affected": "!"
},
{
"version_value": "0:0.1.5444-3.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0-4.el5",
"version_affected": "!"
},
{
"version_value": "0:0.12.5-10.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:7.6.5-0.22.el6",
"version_affected": "!"
},
{
"version_value": "0:4.1.3-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.23-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.1.5444-3.el6",
"version_affected": "!"
},
{
"version_value": "0:0.5.0-10.el6_2",
"version_affected": "!"
},
{
"version_value": "0:0.9-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-2.el6",
"version_affected": "!"
},
{
"version_value": "0:0.12.10-7.el6",
"version_affected": "!"
},
{
"version_value": "0:0.2.7-1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.1.2-2.el6",
"version_affected": "!"
},
{
"version_value": "0:0.8.4-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.4.6-10.el6",
"version_affected": "!"
},
{
"version_value": "0:0.6.0-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.16-4.el6_0",
"version_affected": "!"
},
{
"version_value": "0:0.9.7-4.el6",
"version_affected": "!"
},
{
"version_value": "0:2.0.23-6.el6_0",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.8.beta4.el6",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-2.el6",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-6.el6_0",
"version_affected": "!"
},
{
"version_value": "0:0.6.1-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.8.7-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-2.el6_0",
"version_affected": "!"
},
{
"version_value": "0:1.8.16-1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.1.4-4.el6",
"version_affected": "!"
},
{
"version_value": "1:1.2.6-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.11-3.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.2-3.el6",
"version_affected": "!"
},
{
"version_value": "0:0.7.2-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0-6.el6",
"version_affected": "!"
},
{
"version_value": "0:0.12.5-10.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "55618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "cumin-redhat-csrf(78775)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50660"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124"
"name": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"url": "http://secunia.com/advisories/50660",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50660"
},
{
"url": "http://www.securityfocus.com/bid/55618",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55618"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1278",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1278"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1281",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1281"
},
{
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124",
"refsource": "MISC",
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-2734",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-2734"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832124",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=832124"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

224
2015/3xxx/CVE-2015-3238.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3238",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password."
"value": "It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system."
}
]
},
@ -44,78 +21,149 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Observable Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.1.1-20.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.8-12.ael7b_1.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-10830",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"name": "RHSA-2015:1640",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"name": "[oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"name": "GLSA-201605-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-05"
},
{
"name": "USN-2935-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"name": "USN-2935-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2935-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "FEDORA-2015-10848",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html"
},
{
"name": "75428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75428"
},
{
"name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1640.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1640.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/06/25/13"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"url": "http://www.securityfocus.com/bid/75428",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75428"
},
{
"url": "http://www.ubuntu.com/usn/USN-2935-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2935-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2935-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-2935-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1640",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1640"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3238",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3238"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228571"
},
{
"url": "https://security.gentoo.org/glsa/201605-05",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201605-05"
},
{
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551",
"refsource": "MISC",
"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551"
},
{
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/",
"refsource": "MISC",
"name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
]
}

195
2015/3xxx/CVE-2015-3405.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3405",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys."
"value": "A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server."
}
]
},
@ -44,83 +21,159 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use of Insufficiently Random Values",
"cweId": "CWE-330"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:4.2.6p5-5.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.2.6p5-22.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-5830",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:2231",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg",
"refsource": "MISC",
"name": "http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "SUSE-SU-2015:1173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"name": "74045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74045"
"url": "http://www.debian.org/security/2015/dsa-3223",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"url": "http://www.debian.org/security/2015/dsa-3388",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "https://bugs.ntp.org/show_bug.cgi?id=2797",
"refsource": "CONFIRM",
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
},
{
"name": "RHSA-2015:1459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us"
"url": "http://www.securityfocus.com/bid/74045",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74045"
},
{
"name": "http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
"url": "https://access.redhat.com/errata/RHSA-2015:1459",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1459"
},
{
"name": "DSA-3223",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3223"
"url": "https://access.redhat.com/errata/RHSA-2015:2231",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2231"
},
{
"name": "[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
"url": "https://access.redhat.com/security/cve/CVE-2015-3405",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3405"
},
{
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797",
"refsource": "MISC",
"name": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us",
"refsource": "MISC",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
}

269
2015/5xxx/CVE-2015-5154.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5154",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands."
"value": "A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest."
}
]
},
@ -44,118 +21,226 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-86.el7_1.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "76048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76048"
"url": "https://security.gentoo.org/glsa/201604-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-138.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-138.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "SUSE-SU-2015:1643",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-02"
"url": "https://security.gentoo.org/glsa/201510-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033074",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033074"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
},
{
"name": "DSA-3348",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3348"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
},
{
"name": "SUSE-SU-2015:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
},
{
"name": "RHSA-2015:1508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
},
{
"name": "RHSA-2015:1507",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
},
{
"name": "FEDORA-2015-12714",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
},
{
"name": "RHSA-2015:1512",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "SUSE-SU-2015:1455",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
},
{
"name": "SUSE-SU-2015:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "SUSE-SU-2015:1426",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"name": "FEDORA-2015-12657",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "SUSE-SU-2015:1421",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
"url": "http://support.citrix.com/article/CTX201593",
"refsource": "MISC",
"name": "http://support.citrix.com/article/CTX201593"
},
{
"name": "SUSE-SU-2015:1302",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
"url": "http://www.debian.org/security/2015/dsa-3348",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "SUSE-SU-2015:1409",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
"url": "http://www.securityfocus.com/bid/76048",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76048"
},
{
"name": "http://support.citrix.com/article/CTX201593",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201593"
"url": "http://www.securitytracker.com/id/1033074",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033074"
},
{
"name": "FEDORA-2015-12679",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
"url": "http://xenbits.xen.org/xsa/advisory-138.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-138.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1507",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1507"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1508",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1508"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1512",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1512"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5154",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5154"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243563",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243563"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}

278
2015/5xxx/CVE-2015-5162.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5162",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image."
"value": "A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw."
}
]
},
@ -44,58 +21,247 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-9.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-9.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.4-11.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.3-12.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2015.1.2-3.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2015.1.4-32.el7ost",
"version_affected": "!"
},
{
"version_value": "0:1.8.2-2.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "1:7.0.3-1.el7ost",
"version_affected": "!"
},
{
"version_value": "1:11.0.1-6.el7ost",
"version_affected": "!"
},
{
"version_value": "1:12.0.5-9.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "1:8.1.1-4.el7ost",
"version_affected": "!"
},
{
"version_value": "1:12.0.0-2.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1449062",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1449062"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2923.html"
},
{
"name": "76849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76849"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2991.html"
},
{
"name": "RHSA-2017:0153",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0153.html"
},
{
"name": "[oss-security] 20161006 OSSA 2016-012] Malicious qemu-img input may exhaust resources in Cinder, Glance, Nova (CVE-2015-5162)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/06/8"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0156.html"
},
{
"name": "RHSA-2016:2923",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0165.html"
},
{
"name": "RHSA-2016:2991",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0282.html"
},
{
"name": "RHSA-2017:0165",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html"
"url": "http://www.openwall.com/lists/oss-security/2016/10/06/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/06/8"
},
{
"name": "RHSA-2017:0156",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html"
"url": "http://www.securityfocus.com/bid/76849",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76849"
},
{
"name": "RHSA-2017:0282",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html"
"url": "https://access.redhat.com/errata/RHSA-2016:2923",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2923"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2991",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2991"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0153",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0153"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0156",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0156"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0165",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0165"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0282",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0282"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5162",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5162"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303"
},
{
"url": "https://launchpad.net/bugs/1449062",
"refsource": "MISC",
"name": "https://launchpad.net/bugs/1449062"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Richard W.M. Jones (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}

391
2015/5xxx/CVE-2015-5165.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5165",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors."
"value": "An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory."
}
]
},
@ -44,108 +21,280 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Initialization of a Variable",
"cweId": "CWE-456"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-86.el7_1.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1674",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1674.html"
},
{
"name": "1033176",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033176"
},
{
"name": "SUSE-SU-2015:1643",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "DSA-3348",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://support.citrix.com/article/CTX201717",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201717"
},
{
"name": "RHSA-2015:1683",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1683.html"
},
{
"name": "RHSA-2015:1793",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1793.html"
},
{
"name": "DSA-3349",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3349"
},
{
"name": "FEDORA-2015-15944",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name": "FEDORA-2015-14361",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"name": "RHSA-2015:1833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1833.html"
},
{
"name": "FEDORA-2015-15946",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name": "SUSE-SU-2015:1421",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "RHSA-2015:1740",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1740.html"
},
{
"name": "RHSA-2015:1739",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1739.html"
},
{
"name": "76153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76153"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-140.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-140.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"url": "http://www.debian.org/security/2015/dsa-3348",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3348"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1674.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1674.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1683.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1683.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1739.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1739.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1740.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1740.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1793.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1793.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1833.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1833.html"
},
{
"url": "http://support.citrix.com/article/CTX201717",
"refsource": "MISC",
"name": "http://support.citrix.com/article/CTX201717"
},
{
"url": "http://www.debian.org/security/2015/dsa-3349",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3349"
},
{
"url": "http://www.securityfocus.com/bid/76153",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76153"
},
{
"url": "http://www.securitytracker.com/id/1033176",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033176"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-140.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-140.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1674",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1674"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1683"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1718",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1718"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1739",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1739"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1740",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1740"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1793",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1793"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1833",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1833"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5165",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5165"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248760",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248760"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

88
2015/5xxx/CVE-2015-5201.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5201",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors."
"value": "CVE-2015-5201 RHEV: vdsm spice disable-ticketing and VM suspend and restore allows auth bypass"
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Weak Authentication"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
@ -31,15 +32,31 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "RedHat",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Enterprise Virtualization Hypervisor (aka RHEV-H)",
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0"
"version_value": "0:6.7-20151123.0.el6ev",
"version_affected": "!"
},
{
"version_value": "0:7.2-20151129.1.el6ev",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "0:7.2-20151129.1.el7ev",
"version_affected": "!"
}
]
}
@ -53,24 +70,59 @@
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHEA-2015:2527",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253882"
"name": "https://access.redhat.com/errata/RHEA-2015:2527"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5201",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHEA-2015-2527.html",
"url": "https://rhn.redhat.com/errata/RHEA-2015-2527.html"
"name": "https://access.redhat.com/security/cve/CVE-2015-5201"
},
{
"url": "https://access.redhat.com/security/cve/cve-2015-5201",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273144"
"name": "https://access.redhat.com/security/cve/cve-2015-5201"
},
{
"refsource": "CONFIRM",
"name": "https://access.redhat.com/security/cve/cve-2015-5201",
"url": "https://access.redhat.com/security/cve/cve-2015-5201"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253882",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253882"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273144",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273144"
},
{
"url": "https://rhn.redhat.com/errata/RHEA-2015-2527.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHEA-2015-2527.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

210
2015/5xxx/CVE-2015-5225.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5225",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface."
"value": "A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host."
}
]
},
@ -44,73 +21,176 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.9",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.9",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
"url": "https://security.gentoo.org/glsa/201602-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "[Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html"
"url": "http://www.debian.org/security/2015/dsa-3348",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "RHSA-2015:1837",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1837.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "FEDORA-2015-14783",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html"
},
{
"name": "DSA-3348",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3348"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html"
},
{
"name": "FEDORA-2015-16368",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1772.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1772.html"
},
{
"name": "RHSA-2015:1772",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1772.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1837.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1837.html"
},
{
"name": "1033547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033547"
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/08/21/6"
},
{
"name": "[oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/6"
"url": "http://www.securityfocus.com/bid/76506",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76506"
},
{
"name": "76506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76506"
"url": "http://www.securitytracker.com/id/1033547",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033547"
},
{
"name": "FEDORA-2015-15364",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html"
"url": "https://access.redhat.com/errata/RHSA-2015:1772",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1772"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
"url": "https://access.redhat.com/errata/RHSA-2015:1837",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1837"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5225",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5225"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255896",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255896"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}

210
2015/7xxx/CVE-2015-7512.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7512",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet."
"value": "A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit."
}
]
},
@ -44,73 +21,176 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2694",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
"url": "https://security.gentoo.org/glsa/201602-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "[oss-security] 20151130 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/3"
"url": "http://www.debian.org/security/2016/dsa-3469",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"url": "http://www.debian.org/security/2016/dsa-3470",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f"
"url": "http://www.debian.org/security/2016/dsa-3471",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "DSA-3469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3469"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f"
},
{
"name": "DSA-3470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3470"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
},
{
"name": "78230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78230"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
},
{
"name": "1034527",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034527"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
},
{
"name": "DSA-3471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3471"
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/11/30/3"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "RHSA-2015:2696",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
"url": "http://www.securityfocus.com/bid/78230",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/78230"
},
{
"name": "RHSA-2015:2695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
"url": "http://www.securitytracker.com/id/1034527",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034527"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2694",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2694"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2695",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2695"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2696",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2696"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-7512",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7512"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285061",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1285061"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jason Wang (Red Hat) and Ling Liu (Qihoo 360 Inc.)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

230
2016/2xxx/CVE-2016-2117.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2117",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data."
"value": "It was discovered that the atl2_probe() function in the Atheros L2 Ethernet driver in the Linux kernel incorrectly enabled scatter/gather I/O. A remote attacker could use this flaw to obtain potentially sensitive information from the kernel memory."
}
]
},
@ -44,113 +21,188 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.rt56.420.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
"url": "http://www.debian.org/security/2016/dsa-3607",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"url": "http://www.ubuntu.com/usn/USN-2989-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
"url": "http://www.ubuntu.com/usn/USN-2998-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
"url": "http://www.ubuntu.com/usn/USN-3000-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
"url": "http://www.ubuntu.com/usn/USN-3001-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"url": "http://www.ubuntu.com/usn/USN-3002-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
"url": "http://www.ubuntu.com/usn/USN-3003-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
"url": "http://www.ubuntu.com/usn/USN-3004-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
"url": "http://www.ubuntu.com/usn/USN-3005-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
"url": "http://www.ubuntu.com/usn/USN-3006-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
"url": "http://www.ubuntu.com/usn/USN-3007-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
},
{
"name": "84500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84500"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
"url": "http://www.openwall.com/lists/oss-security/2016/03/16/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/03/16/7"
},
{
"name": "[oss-security] 20160316 CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/16/7"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
"url": "http://www.securityfocus.com/bid/84500",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/84500"
},
{
"name": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
"url": "https://access.redhat.com/errata/RHSA-2016:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298"
"url": "https://access.redhat.com/errata/RHSA-2016:2584",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2584"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2117",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2117"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298"
},
{
"url": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Justin Yackoski (Cryptonite) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

183
2016/2xxx/CVE-2016-2140.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2140",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk."
"value": "An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and \"use_cow_images = False\" were affected."
}
]
},
@ -44,33 +21,157 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-29.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-29.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-54.2.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.2-18.2.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/nova/+bug/1548450",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1548450"
"url": "http://seclists.org/oss-sec/2016/q1/563",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2016/q1/563"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2016-007.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2016-007.html"
"url": "http://www.openwall.com/lists/oss-security/2016/03/08/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/03/08/6"
},
{
"name": "84277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84277"
"url": "http://www.securityfocus.com/bid/84277",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/84277"
},
{
"name": "[oss-security] 20160308 Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/08/6"
"url": "https://access.redhat.com/errata/RHSA-2016:0363",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0363"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0364",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0364"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0365",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0365"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0366",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0366"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2140",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2140"
},
{
"url": "https://bugs.launchpad.net/nova/+bug/1548450",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/1548450"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313454",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313454"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2016-007.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2016-007.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Booth (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:P/A:P",
"version": "2.0"
}
]
}

657
2016/3xxx/CVE-2016-3112.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3112",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user."
"value": "It was found that the private key for the agent certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file."
}
]
},
@ -44,38 +21,630 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.2 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el6sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el6",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-9.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el6",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.10.0-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "1:1.3.6-27.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-18.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 6.2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8-3.el7",
"version_affected": "!"
},
{
"version_value": "0:2016.5-3.atomic.el7",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://pulp.plan.io/issues/1834",
"refsource": "CONFIRM",
"url": "https://pulp.plan.io/issues/1834"
"url": "http://www.openwall.com/lists/oss-security/2016/05/20/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/20/1"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1146538",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1146538"
"url": "https://access.redhat.com/errata/RHBA-2016:1501",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2016:1501"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326242",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326242"
"url": "https://access.redhat.com/security/cve/CVE-2016-3112",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3112"
},
{
"name": "RHBA-2016:1501",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2016:1501"
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1146538",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1146538"
},
{
"name": "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/20/1"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326242",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326242"
},
{
"url": "https://pulp.plan.io/issues/1834",
"refsource": "MISC",
"name": "https://pulp.plan.io/issues/1834"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeremy Cline (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

396
2016/3xxx/CVE-2016-3696.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3696",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key."
"value": "It was found that the private CA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file."
}
]
},
@ -44,38 +21,369 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5",
"refsource": "CONFIRM",
"url": "https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5"
"url": "https://access.redhat.com/errata/RHSA-2018:0336",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"name": "RHSA-2018:0336",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0336"
"url": "https://access.redhat.com/security/cve/CVE-2016-3696",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3696"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1328930"
},
{
"name": "https://pulp.plan.io/issues/1854",
"refsource": "CONFIRM",
"url": "https://pulp.plan.io/issues/1854"
"url": "https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5",
"refsource": "MISC",
"name": "https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5"
},
{
"name": "FEDORA-2016-4373f7d32a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/"
},
{
"url": "https://pulp.plan.io/issues/1854",
"refsource": "MISC",
"name": "https://pulp.plan.io/issues/1854"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sander Bos for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}

125
2016/4xxx/CVE-2016-4443.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4443",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file."
"value": "A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords)."
}
]
},
@ -44,33 +21,99 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.6",
"version": {
"version_data": [
{
"version_value": "0:3.6.9.2-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "92751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92751"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1929.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1929.html"
},
{
"name": "1036863",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036863"
"url": "http://www.securityfocus.com/bid/92751",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92751"
},
{
"name": "RHSA-2016:1929",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1929.html"
"url": "http://www.securitytracker.com/id/1036863",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036863"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106"
"url": "https://access.redhat.com/errata/RHSA-2016:1929",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1929"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4443",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4443"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335106"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Simone Tiraboschi (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
]
}

156
2016/5xxx/CVE-2016-5402.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5402",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cfme",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,50 +15,123 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "8.5/AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94"
"value": "Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.6",
"version": {
"version_data": [
{
"version_value": "0:5.6.3.3-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2839.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2839.html"
},
{
"name": "94612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94612"
"url": "http://www.securityfocus.com/bid/94612",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94612"
},
{
"name": "RHSA-2016:2839",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2839.html"
"url": "https://access.redhat.com/errata/RHSA-2016:2839",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2839"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5402",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5402"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357559",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1357559"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Simon Lukasik (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

185
2016/5xxx/CVE-2016-5404.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5404",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cert_revoke command in FreeIPA does not check for the \"revoke certificate\" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the \"retrieve certificate\" permission."
"value": "An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack."
}
]
},
@ -44,58 +21,154 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.0.0-50.el6_8.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.2.0-15.el7_2.19",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1797.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1797.html"
},
{
"name": "FEDORA-2016-f56c765d67",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/"
"url": "http://www.openwall.com/lists/oss-security/2016/08/17/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/17/9"
},
{
"name": "92525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92525"
"url": "http://www.securityfocus.com/bid/92525",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92525"
},
{
"name": "[oss-security] 20160817 CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/17/9"
"url": "https://access.redhat.com/errata/RHSA-2016:1797",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1797"
},
{
"name": "FEDORA-2016-92a3655b70",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/"
"url": "https://access.redhat.com/security/cve/CVE-2016-5404",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5404"
},
{
"name": "FEDORA-2016-7898627d08",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351593",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1351593"
},
{
"name": "RHSA-2016:1797",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1797.html"
"url": "https://fedorahosted.org/freeipa/ticket/6232",
"refsource": "MISC",
"name": "https://fedorahosted.org/freeipa/ticket/6232"
},
{
"name": "https://fedorahosted.org/freeipa/ticket/6232",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/freeipa/ticket/6232"
"url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd",
"refsource": "MISC",
"name": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Fraser Tweedale (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}

155
2016/5xxx/CVE-2016-5405.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5405",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords."
"value": "It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries."
}
]
},
@ -44,33 +21,129 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Covert Timing Channel",
"cweId": "CWE-385"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.2.11.15-84.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.3.5.10-11.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2594.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2594.html"
},
{
"name": "RHSA-2016:2594",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2594.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2765.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2765.html"
},
{
"name": "RHSA-2016:2765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2765.html"
"url": "http://www.securityfocus.com/bid/93884",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93884"
},
{
"name": "93884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93884"
"url": "https://access.redhat.com/errata/RHSA-2016:2594",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2594"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2765",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2765"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5405",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5405"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358865"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by William Brown (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}

166
2016/6xxx/CVE-2016-6327.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6327",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation."
"value": "System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator."
}
]
},
@ -44,53 +21,136 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.rt56.420.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463"
"url": "https://access.redhat.com/errata/RHSA-2016:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
"url": "https://access.redhat.com/errata/RHSA-2016:2584",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2584"
},
{
"name": "92549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92549"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463"
},
{
"name": "[oss-security] 20160819 Re: CVE-2016-6327 | Linux kernel crash in infiniband subsystem.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/5"
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/19/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1354525",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1354525"
"url": "http://www.securityfocus.com/bid/92549",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92549"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-6327",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-6327"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1354525",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1354525"
},
{
"url": "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/51093254bf879bc9ce96590400a87897c7498463"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

128
2016/6xxx/CVE-2016-6338.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6338",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries."
"value": "It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period."
}
]
},
@ -44,28 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Virtualization Engine 4.1",
"version": {
"version_data": [
{
"version_value": "0:4.1.8.2-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "92666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92666"
"url": "http://www.securityfocus.com/bid/92666",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92666"
},
{
"name": "RHSA-2017:3427",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3427"
"url": "https://access.redhat.com/errata/RHSA-2017:3427",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3427"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285"
"url": "https://access.redhat.com/security/cve/CVE-2016-6338",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-6338"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Greg Sheremeta (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}

416
2016/8xxx/CVE-2016-8613.json
View File

@ -1,92 +1,394 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8613",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "1.5.1"
}
]
}
}
]
},
"vendor_name": "The Foreman Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability."
"value": "CVE-2016-8613 foreman: Stored XSS vulnerability in remote execution plugin"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://projects.theforeman.org/issues/17066/",
"refsource": "CONFIRM",
"url": "https://projects.theforeman.org/issues/17066/"
"url": "https://access.redhat.com/errata/RHSA-2018:0336",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613"
"url": "http://www.securityfocus.com/bid/93859",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93859"
},
{
"name": "93859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93859"
"url": "https://access.redhat.com/security/cve/CVE-2016-8613",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8613"
},
{
"name": "https://github.com/theforeman/foreman_remote_execution/pull/208",
"refsource": "CONFIRM",
"url": "https://github.com/theforeman/foreman_remote_execution/pull/208"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1387232"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613"
},
{
"url": "https://github.com/theforeman/foreman_remote_execution/pull/208",
"refsource": "MISC",
"name": "https://github.com/theforeman/foreman_remote_execution/pull/208"
},
{
"url": "https://projects.theforeman.org/issues/17066/",
"refsource": "MISC",
"name": "https://projects.theforeman.org/issues/17066/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Sanket Jagtap (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}

198
2016/9xxx/CVE-2016-9579.json
View File

@ -1,107 +1,173 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9579",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "1.3 and 2"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected."
"value": "A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "5/AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:0.94.9-9.el7cp",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:10.2.3-17.el7cp",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2954",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2954.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2954.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2954.html"
},
{
"name": "RHSA-2016:2995",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2995.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2956.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2956.html"
},
{
"name": "94936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94936"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2994.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2994.html"
},
{
"name": "RHSA-2016:2994",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2994.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2995.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2995.html"
},
{
"name": "http://tracker.ceph.com/issues/18187",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/18187"
"url": "http://tracker.ceph.com/issues/18187",
"refsource": "MISC",
"name": "http://tracker.ceph.com/issues/18187"
},
{
"name": "RHSA-2016:2956",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2956.html"
"url": "http://www.securityfocus.com/bid/94936",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94936"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579"
"url": "https://access.redhat.com/errata/RHSA-2016:2954",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2954"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2956",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2956"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2994",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2994"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2995",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2995"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-9579",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9579"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403245",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1403245"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

217
2016/9xxx/CVE-2016-9921.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9921",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS."
"value": "CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy"
}
]
},
@ -44,43 +21,189 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Divide By Zero",
"cweId": "CWE-369"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "http://www.securityfocus.com/bid/94803",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94803"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "94803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94803"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398"
},
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-9921",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9921"
},
{
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jiangxin (Huawei Inc.), Li Qiang (Qihoo 360), and Qinghao Tang (Qihoo 360) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}