diff --git a/2017/12xxx/CVE-2017-12150.json b/2017/12xxx/CVE-2017-12150.json
index 2a31abe19f4..c0055a1a423 100644
--- a/2017/12xxx/CVE-2017-12150.json
+++ b/2017/12xxx/CVE-2017-12150.json
@@ -86,11 +86,6 @@
 "refsource" : "CONFIRM",
 "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us"
 },
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbux03817en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbux03817en_us"
- },
 {
 "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us",
 "refsource" : "CONFIRM",
diff --git a/2017/12xxx/CVE-2017-12163.json b/2017/12xxx/CVE-2017-12163.json
index 6d9cc52f9c9..d0a556e066e 100644
--- a/2017/12xxx/CVE-2017-12163.json
+++ b/2017/12xxx/CVE-2017-12163.json
@@ -86,11 +86,6 @@
 "refsource" : "CONFIRM",
 "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us"
 },
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbux03817en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbux03817en_us"
- },
 {
 "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us",
 "refsource" : "CONFIRM",
diff --git a/2017/7xxx/CVE-2017-7514.json b/2017/7xxx/CVE-2017-7514.json
index 5a29b094d1c..e02ba2ab595 100644
--- a/2017/7xxx/CVE-2017-7514.json
+++ b/2017/7xxx/CVE-2017-7514.json
@@ -1,71 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2017-7514",
- "ASSIGNER": "sfowler@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Red Hat",
- "product": {
- "product_data": [
- {
- "product_name": "Red Hat Satellite",
- "version": {
- "version_data": [
- {
- "version_value": "5.8.0"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "sfowler@redhat.com",
+ "ID" : "CVE-2017-7514",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Red Hat Satellite",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "5.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Red Hat"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-79"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7514",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7514",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7514",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7514"
+ }
+ ]
+ }
 }
diff --git a/2017/7xxx/CVE-2017-7518.json b/2017/7xxx/CVE-2017-7518.json
index 865329add89..1650d404296 100644
--- a/2017/7xxx/CVE-2017-7518.json
+++ b/2017/7xxx/CVE-2017-7518.json
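Review bot: `"version_value" : "5.8.0"` in the new `affects` block names the fixed release as the affected one, while the description in the same record says the flaw is in Red Hat Satellite "before version 5.8.0". A consumer that matches on `version_value` alone would flag 5.8.0 and miss every earlier release. Adding `"version_affected" : "<"` beside it, or writing the value as `"before 5.8.0"`, would make the range explicit. The CVE-2017-7518 hunk has the same mismatch, with `"version_value" : "4.12"` against "before version 4.12".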
@@ -1,77 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2017-7518",
- "ASSIGNER": "sfowler@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "[UNKNOWN]",
- "product": {
- "product_data": [
- {
- "product_name": "Kernel:",
- "version": {
- "version_data": [
- {
- "version_value": "4.12"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "sfowler@redhat.com",
+ "ID" : "CVE-2017-7518",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Kernel:",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.12"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "5.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version" : "3.0"
+ }
+ ],
+ [
+ {
+ "vectorString" : "5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P",
+ "version" : "2.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-250"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-250"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "version": "3.0"
- }
- ],
- [
- {
- "vectorString": "5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P",
- "version": "2.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
+ "refsource" : "MLIST",
+ "url" : "https://www.spinics.net/lists/kvm/msg151817.html"
+ },
+ {
+ "name" : "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
+ "refsource" : "MLIST",
+ "url" : "http://www.openwall.com/lists/oss-security/2017/06/23/5"
+ },
+ {
+ "name" : "https://access.redhat.com/articles/3290921",
+ "refsource" : "CONFIRM",
+ "url" : "https://access.redhat.com/articles/3290921"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
+ }
+ ]
+ }
 }
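Review bot: `"vendor_name" : "[UNKNOWN]"` and `"product_name" : "Kernel:"` survive as placeholders in the new `affects` block, so product-based matching cannot tie this record to the Linux kernel that the description names. A value such as `"product_name" : "Linux kernel"` together with a real vendor string would let inventory and scanner lookups find it. Separately, both `vectorString` values put the base score in front of the vector (`5.5/CVSS:3.0/...` and `5.4/AV:A/...`), which a strict CVSS parser is likely to reject; the CVE-2017-7514 record carries the same prefix. Keeping the score in its own field and leaving `vectorString` as the bare vector would avoid that.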