admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 16:01:24 +00:00
parent 908b8d9fd7
commit 6a8d3b8eb2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
29 changed files with 7184 additions and 2534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

490
2007/2xxx/CVE-2007-2754.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-2754",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow."
"value": "CVE-2007-2754 freetype integer overflow"
}
]
},
@ -44,313 +21,408 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 2.1",
"version": {
"version_data": [
{
"version_value": "0:2.0.3-10.el21",
"version_affected": "!"
},
{
"version_value": "0:2.0.3-17.el21",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:2.1.4-7.el3",
"version_affected": "!"
},
{
"version_value": "0:2.1.4-12.el3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.1.9-6.el4",
"version_affected": "!"
},
{
"version_value": "0:2.1.9-10.el4.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.2.1-19.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2229"
"url": "http://secunia.com/advisories/35200",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35200"
},
{
"name": "26129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26129"
"url": "http://secunia.com/advisories/35204",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35204"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm"
"url": "http://secunia.com/advisories/35233",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35233"
},
{
"name": "25612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25612"
"url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1390",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1390"
"url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"
},
{
"name": "ADV-2008-0049",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0049"
"url": "https://access.redhat.com/errata/RHSA-2009:0329",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2009:0329"
},
{
"name": "25894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25894"
"url": "https://access.redhat.com/errata/RHSA-2009:1062",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2009:1062"
},
{
"name": "DSA-1334",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1334"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=502565",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=502565"
},
{
"name": "25386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25386"
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html"
},
{
"name": "28298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28298"
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html"
},
{
"name": "103171",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1"
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "25705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25705"
"url": "http://secunia.com/advisories/35074",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35074"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
"url": "http://support.apple.com/kb/HT3549",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178",
"refsource": "CONFIRM",
"url": "http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178"
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html",
"refsource": "MISC",
"name": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "DSA-1302",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1302"
"url": "http://www.vupen.com/english/advisories/2009/1297",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "36509",
"refsource": "OSVDB",
"url": "http://osvdb.org/36509"
"url": "http://secunia.com/advisories/30161",
"refsource": "MISC",
"name": "http://secunia.com/advisories/30161"
},
{
"name": "SUSE-SA:2007:041",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_41_freetype2.html"
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"name": "FEDORA-2009-5644",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html"
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc",
"refsource": "MISC",
"name": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
"url": "http://secunia.com/advisories/25894",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25894"
},
{
"name": "26305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26305"
"url": "http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178",
"refsource": "MISC",
"name": "http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178"
},
{
"name": "20070613 FLEA-2007-0025-1: openoffice.org",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471286/30/6180/threaded"
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"name": "FEDORA-2009-5558",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html"
"url": "http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html",
"refsource": "MISC",
"name": "http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html"
},
{
"name": "24074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24074"
"url": "http://osvdb.org/36509",
"refsource": "MISC",
"name": "http://osvdb.org/36509"
},
{
"name": "RHSA-2009:1062",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"
"url": "http://secunia.com/advisories/25350",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25350"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
"url": "http://secunia.com/advisories/25353",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25353"
},
{
"name": "25463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25463"
"url": "http://secunia.com/advisories/25386",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25386"
},
{
"name": "MDKSA-2007:121",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:121"
"url": "http://secunia.com/advisories/25463",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25463"
},
{
"name": "200033",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1"
"url": "http://secunia.com/advisories/25483",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25483"
},
{
"name": "RHSA-2007:0403",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0403.html"
"url": "http://secunia.com/advisories/25609",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25609"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
"url": "http://secunia.com/advisories/25612",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25612"
},
{
"name": "25353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25353"
"url": "http://secunia.com/advisories/25654",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25654"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200"
"url": "http://secunia.com/advisories/25705",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25705"
},
{
"name": "30161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30161"
"url": "http://secunia.com/advisories/25808",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25808"
},
{
"name": "GLSA-200805-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
"url": "http://secunia.com/advisories/25905",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25905"
},
{
"name": "GLSA-200707-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml"
"url": "http://secunia.com/advisories/26129",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26129"
},
{
"name": "2007-0019",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0019/"
"url": "http://secunia.com/advisories/26305",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26305"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=502565",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=502565"
"url": "http://secunia.com/advisories/28298",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28298"
},
{
"name": "OpenPKG-SA-2007.018",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html"
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1"
},
{
"name": "102967",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1"
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1"
},
{
"name": "[ft-devel] 20070427 Bug in fuzzed TTF file",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html"
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm",
"refsource": "MISC",
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm"
},
{
"name": "25808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25808"
"url": "http://www.debian.org/security/2007/dsa-1302",
"refsource": "MISC",
"name": "http://www.debian.org/security/2007/dsa-1302"
},
{
"name": "GLSA-200705-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml"
"url": "http://www.debian.org/security/2007/dsa-1334",
"refsource": "MISC",
"name": "http://www.debian.org/security/2007/dsa-1334"
},
{
"name": "oval:org.mitre.oval:def:5532",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5532"
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
"url": "http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml"
},
{
"name": "25609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25609"
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:121",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:121"
},
{
"name": "35233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35233"
"url": "http://www.novell.com/linux/security/advisories/2007_41_freetype2.html",
"refsource": "MISC",
"name": "http://www.novell.com/linux/security/advisories/2007_41_freetype2.html"
},
{
"name": "oval:org.mitre.oval:def:11325",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11325"
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html",
"refsource": "MISC",
"name": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html"
},
{
"name": "35200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35200"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0403.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0403.html"
},
{
"name": "25350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25350"
"url": "http://www.securityfocus.com/archive/1/469463/100/200/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/469463/100/200/threaded"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
"url": "http://www.securityfocus.com/archive/1/471286/30/6180/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/471286/30/6180/threaded"
},
{
"name": "USN-466-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-466-1"
"url": "http://www.securityfocus.com/bid/24074",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/24074"
},
{
"name": "ADV-2007-1894",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1894"
"url": "http://www.securitytracker.com/id?1018088",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1018088"
},
{
"name": "RHSA-2009:0329",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"
"url": "http://www.trustix.org/errata/2007/0019/",
"refsource": "MISC",
"name": "http://www.trustix.org/errata/2007/0019/"
},
{
"name": "25905",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25905"
"url": "http://www.ubuntu.com/usn/usn-466-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-466-1"
},
{
"name": "35204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35204"
"url": "http://www.vupen.com/english/advisories/2007/1894",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/1894"
},
{
"name": "25654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25654"
"url": "http://www.vupen.com/english/advisories/2007/2229",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/2229"
},
{
"name": "25483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25483"
"url": "http://www.vupen.com/english/advisories/2008/0049",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/0049"
},
{
"name": "1018088",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018088"
"url": "https://access.redhat.com/errata/RHSA-2007:0403",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0403"
},
{
"name": "20070524 FLEA-2007-0020-1: freetype",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469463/100/200/threaded"
"url": "https://access.redhat.com/security/cve/CVE-2007-2754",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2007-2754"
},
{
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240200",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=240200"
},
{
"url": "https://issues.rpath.com/browse/RPL-1390",
"refsource": "MISC",
"name": "https://issues.rpath.com/browse/RPL-1390"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11325",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11325"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5532",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5532"
}
]
}

492
2007/2xxx/CVE-2007-2872.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-2872",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments."
"value": "CVE-2007-2872 php chunk_split integer overflow"
}
]
},
@ -44,318 +21,391 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 2.1",
"version": {
"version_data": [
{
"version_value": "0:4.1.2-2.19",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:4.3.2-43.ent",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:4.3.9-3.22.9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:5.1.6-15.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "26231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26231"
},
{
"name": "https://launchpad.net/bugs/173043",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/173043"
},
{
"name": "27110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27110"
},
{
"name": "RHSA-2007:0888",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0888.html"
},
{
"name": "26048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26048"
},
{
"name": "http://www.sec-consult.com/291.html",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
"refsource": "MISC",
"url": "http://www.sec-consult.com/291.html"
"name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
},
{
"name": "SUSE-SA:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
"url": "http://secunia.com/advisories/27037",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27037"
},
{
"name": "OpenPKG-SA-2007.020",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html"
"url": "http://www.vupen.com/english/advisories/2007/3386",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/3386"
},
{
"name": "28750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28750"
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "ADV-2008-0059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0059"
"url": "http://secunia.com/advisories/28658",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28658"
},
{
"name": "28658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28658"
"url": "http://secunia.com/advisories/26231",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26231"
},
{
"name": "FEDORA-2007-709",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html"
"url": "http://www.trustix.org/errata/2007/0023/",
"refsource": "MISC",
"name": "http://www.trustix.org/errata/2007/0023/"
},
{
"name": "26967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26967"
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
},
{
"name": "27351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27351"
"url": "http://secunia.com/advisories/26048",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26048"
},
{
"name": "php-chunksplit-security-bypass(39398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39398"
"url": "http://secunia.com/advisories/27377",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27377"
},
{
"name": "GLSA-200710-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
"url": "https://issues.rpath.com/browse/RPL-1693",
"refsource": "MISC",
"name": "https://issues.rpath.com/browse/RPL-1693"
},
{
"name": "27864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27864"
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501",
"refsource": "MISC",
"name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
},
{
"name": "http://www.php.net/releases/4_4_8.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/4_4_8.php"
"url": "http://osvdb.org/36083",
"refsource": "MISC",
"name": "http://osvdb.org/36083"
},
{
"name": "1018186",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018186"
"url": "http://rhn.redhat.com/errata/RHSA-2007-0889.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2007-0889.html"
},
{
"name": "SSA:2008-045-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136"
"url": "http://secunia.com/advisories/25456",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25456"
},
{
"name": "30040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30040"
"url": "http://secunia.com/advisories/25535",
"refsource": "MISC",
"name": "http://secunia.com/advisories/25535"
},
{
"name": "ADV-2008-0398",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0398"
"url": "http://secunia.com/advisories/26838",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26838"
},
{
"name": "36083",
"refsource": "OSVDB",
"url": "http://osvdb.org/36083"
"url": "http://secunia.com/advisories/26871",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26871"
},
{
"name": "28936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28936"
"url": "http://secunia.com/advisories/26895",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26895"
},
{
"name": "26930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26930"
"url": "http://secunia.com/advisories/26930",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26930"
},
{
"name": "FEDORA-2007-2215",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
"url": "http://secunia.com/advisories/26967",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26967"
},
{
"name": "25456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25456"
"url": "http://secunia.com/advisories/27102",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27102"
},
{
"name": "RHSA-2007:0889",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0889.html"
"url": "http://secunia.com/advisories/27110",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27110"
},
{
"name": "2007-0023",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0023/"
"url": "http://secunia.com/advisories/27351",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27351"
},
{
"name": "USN-549-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/549-1/"
"url": "http://secunia.com/advisories/27545",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27545"
},
{
"name": "https://issues.rpath.com/browse/RPL-1693",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1693"
"url": "http://secunia.com/advisories/27864",
"refsource": "MISC",
"name": "http://secunia.com/advisories/27864"
},
{
"name": "ADV-2007-3386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3386"
"url": "http://secunia.com/advisories/28318",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28318"
},
{
"name": "SSRT080056",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
"url": "http://secunia.com/advisories/28750",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28750"
},
{
"name": "27037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27037"
"url": "http://secunia.com/advisories/28936",
"refsource": "MISC",
"name": "http://secunia.com/advisories/28936"
},
{
"name": "ADV-2007-2061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2061"
"url": "http://secunia.com/advisories/30040",
"refsource": "MISC",
"name": "http://secunia.com/advisories/30040"
},
{
"name": "https://issues.rpath.com/browse/RPL-1702",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1702"
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863",
"refsource": "MISC",
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863"
},
{
"name": "27545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27545"
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136",
"refsource": "MISC",
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm"
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm",
"refsource": "MISC",
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm"
},
{
"name": "SSA:2007-152-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863"
"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
},
{
"name": "26838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26838"
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187"
},
{
"name": "http://www.php.net/releases/5_2_3.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_3.php"
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html",
"refsource": "MISC",
"name": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html"
},
{
"name": "SSRT071447",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
"url": "http://www.php.net/ChangeLog-4.php",
"refsource": "MISC",
"name": "http://www.php.net/ChangeLog-4.php"
},
{
"name": "27377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27377"
"url": "http://www.php.net/releases/4_4_8.php",
"refsource": "MISC",
"name": "http://www.php.net/releases/4_4_8.php"
},
{
"name": "HPSBUX02332",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
"url": "http://www.php.net/releases/5_2_3.php",
"refsource": "MISC",
"name": "http://www.php.net/releases/5_2_3.php"
},
{
"name": "HPSBUX02262",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0888.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0888.html"
},
{
"name": "25535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25535"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0890.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0890.html"
},
{
"name": "MDKSA-2007:187",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0891.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0891.html"
},
{
"name": "http://www.php.net/ChangeLog-4.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-4.php"
"url": "http://www.sec-consult.com/291.html",
"refsource": "MISC",
"name": "http://www.sec-consult.com/291.html"
},
{
"name": "27102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27102"
"url": "http://www.securityfocus.com/archive/1/470244/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/470244/100/0/threaded"
},
{
"name": "26895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26895"
"url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
},
{
"name": "SSRT080010",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
"url": "http://www.securityfocus.com/bid/24261",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/24261"
},
{
"name": "28318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28318"
"url": "http://www.securitytracker.com/id?1018186",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1018186"
},
{
"name": "USN-549-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-549-2"
"url": "http://www.ubuntu.com/usn/usn-549-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-549-2"
},
{
"name": "RHSA-2007:0890",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0890.html"
"url": "http://www.vupen.com/english/advisories/2007/2061",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2007/2061"
},
{
"name": "HPSBUX02308",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
"url": "http://www.vupen.com/english/advisories/2008/0059",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/0059"
},
{
"name": "RHSA-2007:0891",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0891.html"
"url": "http://www.vupen.com/english/advisories/2008/0398",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/0398"
},
{
"name": "26871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26871"
"url": "https://access.redhat.com/errata/RHSA-2007:0888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0888"
},
{
"name": "20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470244/100/0/threaded"
"url": "https://access.redhat.com/errata/RHSA-2007:0889",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0889"
},
{
"name": "oval:org.mitre.oval:def:9424",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424"
"url": "https://access.redhat.com/errata/RHSA-2007:0890",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0890"
},
{
"name": "SUSE-SA:2007:044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
"url": "https://access.redhat.com/errata/RHSA-2007:0891",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0891"
},
{
"name": "24261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24261"
"url": "https://access.redhat.com/security/cve/CVE-2007-2872",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2007-2872"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=242032",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=242032"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39398",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39398"
},
{
"url": "https://issues.rpath.com/browse/RPL-1702",
"refsource": "MISC",
"name": "https://issues.rpath.com/browse/RPL-1702"
},
{
"url": "https://launchpad.net/bugs/173043",
"refsource": "MISC",
"name": "https://launchpad.net/bugs/173043"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424"
},
{
"url": "https://usn.ubuntu.com/549-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/549-1/"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
}
]
}

985
2007/3xxx/CVE-2007-3387.json
View File

File diff suppressed because it is too large Load Diff

180
2007/3xxx/CVE-2007-3731.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-3731",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function."
"value": "CVE-2007-3731 NULL pointer dereference triggered by ptrace"
}
]
},
@ -44,103 +21,138 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-8.1.15.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "25801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25801"
},
{
"name": "http://bugzilla.kernel.org/show_bug.cgi?id=8765",
"url": "http://secunia.com/advisories/27322",
"refsource": "MISC",
"url": "http://bugzilla.kernel.org/show_bug.cgi?id=8765"
"name": "http://secunia.com/advisories/27322"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a10d9a71bafd3a283da240d2868e71346d2aef6f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a10d9a71bafd3a283da240d2868e71346d2aef6f"
"url": "http://www.redhat.com/support/errata/RHSA-2007-0940.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2007-0940.html"
},
{
"name": "37286",
"refsource": "OSVDB",
"url": "http://osvdb.org/37286"
"url": "https://access.redhat.com/errata/RHSA-2007:0940",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2007:0940"
},
{
"name": "RHSA-2007:0940",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0940.html"
"url": "http://bugzilla.kernel.org/show_bug.cgi?id=8765",
"refsource": "MISC",
"name": "http://bugzilla.kernel.org/show_bug.cgi?id=8765"
},
{
"name": "29159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29159"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29eb51101c02df517ca64ec472d7501127ad1da8",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29eb51101c02df517ca64ec472d7501127ad1da8"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29eb51101c02df517ca64ec472d7501127ad1da8",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29eb51101c02df517ca64ec472d7501127ad1da8"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=a10d9a71bafd3a283da240d2868e71346d2aef6f",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=a10d9a71bafd3a283da240d2868e71346d2aef6f"
},
{
"name": "27322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27322"
"url": "http://osvdb.org/37286",
"refsource": "MISC",
"name": "http://osvdb.org/37286"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094"
"url": "http://secunia.com/advisories/26935",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26935"
},
{
"name": "26978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26978"
"url": "http://secunia.com/advisories/26955",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26955"
},
{
"name": "20080229 rPSA-2008-0094-1 kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488972/100/0/threaded"
"url": "http://secunia.com/advisories/26978",
"refsource": "MISC",
"name": "http://secunia.com/advisories/26978"
},
{
"name": "https://issues.rpath.com/browse/RPL-2304",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2304"
"url": "http://secunia.com/advisories/29159",
"refsource": "MISC",
"name": "http://secunia.com/advisories/29159"
},
{
"name": "USN-518-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-518-1"
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094",
"refsource": "MISC",
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094"
},
{
"name": "26955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26955"
"url": "http://www.debian.org/security/2007/dsa-1378",
"refsource": "MISC",
"name": "http://www.debian.org/security/2007/dsa-1378"
},
{
"name": "oval:org.mitre.oval:def:10394",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394"
"url": "http://www.securityfocus.com/archive/1/488972/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/488972/100/0/threaded"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=248324",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248324"
"url": "http://www.securityfocus.com/bid/25801",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/25801"
},
{
"name": "26935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26935"
"url": "http://www.ubuntu.com/usn/usn-518-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/usn-518-1"
},
{
"name": "DSA-1378",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1378"
"url": "https://access.redhat.com/security/cve/CVE-2007-3731",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2007-3731"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248324",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=248324"
},
{
"url": "https://issues.rpath.com/browse/RPL-2304",
"refsource": "MISC",
"name": "https://issues.rpath.com/browse/RPL-2304"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394"
}
]
}

143
2013/0xxx/CVE-2013-0327.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0327",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors."
"value": "CVE-2013-0327 jenkins: cross-site request forgery (CSRF) on Jenkins master"
}
]
},
@ -44,38 +21,110 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEL 6 Version of OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "0:1.502-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "1:1.4.1-4.el6",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-4.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0638",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
},
{
"name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914875",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914875"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
},
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
"refsource": "MISC",
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0638",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0638"
},
{
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
"refsource": "MISC",
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0327",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0327"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914875",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914875"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

135
2013/0xxx/CVE-2013-0329.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0329",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors."
"value": "CVE-2013-0329 jenkins: cross-site request forgery (CSRF) protection mechanism bypass"
}
]
},
@ -44,38 +21,110 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEL 6 Version of OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "0:1.502-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "1:1.4.1-4.el6",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-4.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914877",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914877"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
},
{
"name": "RHSA-2013:0638",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
"refsource": "MISC",
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
},
{
"name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
},
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
"url": "https://access.redhat.com/errata/RHSA-2013:0638",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0638"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
"refsource": "MISC",
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0329",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0329"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914877",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914877"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

723
2013/1xxx/CVE-2013-1808.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1808",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed."
"value": "CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer"
}
]
},
@ -44,93 +21,659 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEL 6 Version of OpenShift Enterprise 1.2",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.6.6-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.0.35-11.el6",
"version_affected": "!"
},
{
"version_value": "0:1.8.0-36.el6",
"version_affected": "!"
},
{
"version_value": "0:3.3.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:8.70-15.el6_4.1",
"version_affected": "!"
},
{
"version_value": "0:1.4.22-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:6.5.4.7-6.el6_2",
"version_affected": "!"
},
{
"version_value": "0:1.900.1-15.el6_1.1",
"version_affected": "!"
},
{
"version_value": "0:6.0.0.GA-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:6.0.0.GA-8.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.509.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.6.19-0.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.70-12.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.2.1-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.19-1.el6",
"version_affected": "!"
},
{
"version_value": "0:2007e-11.el6",
"version_affected": "!"
},
{
"version_value": "0:0.37-7.2.el6_4",
"version_affected": "!"
},
{
"version_value": "0:2.5.8-10.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.6.20-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.1.16-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.6.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.3.5-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.1-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.2-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.22-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.7.6-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.1-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.8-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.10-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.7-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.8-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.8.6-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.5-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.3.7-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.8-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.9-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.2.7-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.3-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.9.2-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.9-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.6.4-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.3-4",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.4008-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.31-6.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.08-3.1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.0.17-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.09-9.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.7-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.13-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.31-3.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.7901-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.16004-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1000-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.03-7.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.35-7.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.110-10.1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.15-5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.08-9.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.70-4.el6",
"version_affected": "!"
},
{
"version_value": "0:5.3.3-22.el6",
"version_affected": "!"
},
{
"version_value": "0:5.3.3-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-0.3.b3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.1.b3.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.2.2-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.1.4-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.5.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.05-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:4.7.0-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.7-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.6.6-3.el6op",
"version_affected": "!"
},
{
"version_value": "1:1.8.5-10.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-8.el6",
"version_affected": "!"
},
{
"version_value": "0:3.0.1-7.el6",
"version_affected": "!"
},
{
"version_value": "0:4.0.3-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-8.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-7.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.6.16-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.4.1-7.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.2-7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.7.3-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-8.el6",
"version_affected": "!"
},
{
"version_value": "0:0.12.10-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.12.2-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.11.0-2.el6",
"version_affected": "!"
},
{
"version_value": "0:2.11.1-1",
"version_affected": "!"
},
{
"version_value": "0:2.11.1-2",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.3.1-3.el6op",
"version_affected": "!"
},
{
"version_value": "1:1.3.2-11.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.6-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-3.el6",
"version_affected": "!"
},
{
"version_value": "0:4.8.1-1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.8.2-8.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.0.94-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.8.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.1.2-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.21-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.4.3.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.13-1.2.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.5-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.17-2.el6op.1",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.8.7-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.4-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.8.4-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-6.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.4-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.14.6-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-93.el6op",
"version_affected": "!"
},
{
"version_value": "0:4.3.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.8.2-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.13.1-6.el6op.1",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-10.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696",
"refsource": "CONFIRM",
"url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
},
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/8"
},
{
"name": "20130218 XSS vulnerabilities in ZeroClipboard",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"name": "20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Feb/109"
},
{
"name": "http://securityvulns.ru/docs29105.html",
"url": "http://seclists.org/fulldisclosure/2013/Apr/87",
"refsource": "MISC",
"url": "http://securityvulns.ru/docs29105.html"
"name": "http://seclists.org/fulldisclosure/2013/Apr/87"
},
{
"name": "[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/3"
},
{
"name": "20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Mar/5"
},
{
"name": "20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/87"
},
{
"name": "http://securityvulns.ru/docs29103.html",
"url": "http://seclists.org/fulldisclosure/2013/Apr/88",
"refsource": "MISC",
"url": "http://securityvulns.ru/docs29103.html"
"name": "http://seclists.org/fulldisclosure/2013/Apr/88"
},
{
"name": "http://securityvulns.ru/docs29104.html",
"url": "http://seclists.org/fulldisclosure/2013/Feb/103",
"refsource": "MISC",
"url": "http://securityvulns.ru/docs29104.html"
"name": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"name": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108",
"refsource": "CONFIRM",
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108"
"url": "http://seclists.org/fulldisclosure/2013/Feb/109",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Feb/109"
},
{
"name": "[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/2"
"url": "http://seclists.org/fulldisclosure/2013/Mar/5",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Mar/5"
},
{
"name": "20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/88"
"url": "http://securityvulns.ru/docs29103.html",
"refsource": "MISC",
"name": "http://securityvulns.ru/docs29103.html"
},
{
"name": "[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/1"
"url": "http://securityvulns.ru/docs29104.html",
"refsource": "MISC",
"name": "http://securityvulns.ru/docs29104.html"
},
{
"name": "58257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58257"
"url": "http://securityvulns.ru/docs29105.html",
"refsource": "MISC",
"name": "http://securityvulns.ru/docs29105.html"
},
{
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
"refsource": "MISC",
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/10/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/25/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/26/8"
},
{
"url": "http://www.securityfocus.com/bid/58257",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58257"
},
{
"url": "https://access.redhat.com/errata/RHEA-2013:1032",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHEA-2013:1032"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1808",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1808"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918054",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918054"
},
{
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108",
"refsource": "MISC",
"name": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108"
},
{
"url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696",
"refsource": "MISC",
"name": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
},
{
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02",
"refsource": "MISC",
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

179
2013/1xxx/CVE-2013-1819.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1819",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map."
"value": "CVE-2013-1819 kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end"
}
]
},
@ -44,83 +21,143 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.6.11.2-rt33.39.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-1970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1970-1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eb178619f930fa2ba2348de332a1ff1c66a31424",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eb178619f930fa2ba2348de332a1ff1c66a31424"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918009",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918009"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"name": "USN-1975-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1975-1"
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "SUSE-SU-2013:1473",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6"
},
{
"name": "[oss-security] 20130305 Re: CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/10"
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/05/10"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"url": "http://www.ubuntu.com/usn/USN-1968-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1968-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eb178619f930fa2ba2348de332a1ff1c66a31424",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eb178619f930fa2ba2348de332a1ff1c66a31424"
"url": "http://www.ubuntu.com/usn/USN-1969-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1969-1"
},
{
"name": "USN-1968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1968-1"
"url": "http://www.ubuntu.com/usn/USN-1970-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1970-1"
},
{
"name": "USN-1969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1969-1"
"url": "http://www.ubuntu.com/usn/USN-1972-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1972-1"
},
{
"name": "SUSE-SU-2013:1474",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
"url": "http://www.ubuntu.com/usn/USN-1973-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1973-1"
},
{
"name": "USN-1973-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1973-1"
"url": "http://www.ubuntu.com/usn/USN-1975-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1975-1"
},
{
"name": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424"
"url": "https://access.redhat.com/errata/RHSA-2013:0829",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0829"
},
{
"name": "USN-1972-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1972-1"
"url": "https://access.redhat.com/security/cve/CVE-2013-1819",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1819"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918009",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918009"
},
{
"url": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
}

160
2013/1xxx/CVE-2013-1865.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1865",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token."
"value": "CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI tokens bypasses revocation check"
}
]
},
@ -44,63 +21,128 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack Folsom for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2012.2.3-7.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130320 [OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/20/13"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
},
{
"name": "52657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52657"
"url": "https://access.redhat.com/errata/RHSA-2013:0708",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0708"
},
{
"name": "openSUSE-SU-2013:0565",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html"
},
{
"name": "FEDORA-2013-4590",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1129713",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1129713"
"url": "http://osvdb.org/91532",
"refsource": "MISC",
"name": "http://osvdb.org/91532"
},
{
"name": "https://review.openstack.org/#/c/24906/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/24906/"
"url": "http://secunia.com/advisories/52657",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52657"
},
{
"name": "58616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58616"
"url": "http://www.openwall.com/lists/oss-security/2013/03/20/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/20/13"
},
{
"name": "USN-1772-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1772-1"
"url": "http://www.securityfocus.com/bid/58616",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58616"
},
{
"name": "91532",
"refsource": "OSVDB",
"url": "http://osvdb.org/91532"
"url": "http://www.ubuntu.com/usn/USN-1772-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1772-1"
},
{
"name": "RHSA-2013:0708",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
"url": "https://access.redhat.com/security/cve/CVE-2013-1865",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1865"
},
{
"url": "https://bugs.launchpad.net/keystone/+bug/1129713",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/keystone/+bug/1129713"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=922230",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=922230"
},
{
"url": "https://review.openstack.org/#/c/24906/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/24906/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}

172
2013/1xxx/CVE-2013-1892.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1892",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument."
"value": "CVE-2013-1892 MongoDB: Server Side JavaScript Includes allow Remote Code Execution"
}
]
},
@ -44,58 +21,127 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:1.6.4-6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.9-11.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1170",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html"
},
{
"name": "24947",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24947"
},
{
"name": "[oss-security] 20130325 Re: CVE Request: Mongo DB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/9"
},
{
"name": "FEDORA-2013-4539",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html"
},
{
"name": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/",
"url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/",
"refsource": "MISC",
"url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/"
"name": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/"
},
{
"name": "24935",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24935"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html"
},
{
"name": "https://jira.mongodb.org/browse/SERVER-9124",
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-9124"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html"
},
{
"name": "http://www.mongodb.org/about/alerts/",
"refsource": "CONFIRM",
"url": "http://www.mongodb.org/about/alerts/"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1170.html"
},
{
"name": "FEDORA-2013-4531",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html"
"url": "http://www.exploit-db.com/exploits/24935",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/24935"
},
{
"url": "http://www.exploit-db.com/exploits/24947",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/24947"
},
{
"url": "http://www.mongodb.org/about/alerts/",
"refsource": "MISC",
"name": "http://www.mongodb.org/about/alerts/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/25/9"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1170",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1170"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1892",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1892"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=927536",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=927536"
},
{
"url": "https://jira.mongodb.org/browse/SERVER-9124",
"refsource": "MISC",
"name": "https://jira.mongodb.org/browse/SERVER-9124"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

183
2013/1xxx/CVE-2013-1960.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1960",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file."
"value": "CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()"
}
]
},
@ -44,73 +21,149 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.8.2-19.el5_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.9.4-10.el6_5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "53237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53237"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
},
{
"name": "FEDORA-2013-7369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"name": "DSA-2698",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2698"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"name": "59609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59609"
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"name": "53765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53765"
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"name": "openSUSE-SU-2013:0944",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"name": "RHSA-2014:0223",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
"url": "http://seclists.org/oss-sec/2013/q2/254",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"name": "[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/254"
"url": "http://secunia.com/advisories/53237",
"refsource": "MISC",
"name": "http://secunia.com/advisories/53237"
},
{
"name": "FEDORA-2013-7361",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
"url": "http://secunia.com/advisories/53765",
"refsource": "MISC",
"name": "http://secunia.com/advisories/53765"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952158",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
"url": "http://www.debian.org/security/2013/dsa-2698",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2698"
},
{
"name": "openSUSE-SU-2013:0922",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0222",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0222"
},
{
"name": "FEDORA-2013-7339",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0223",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0223"
},
{
"url": "http://www.securityfocus.com/bid/59609",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59609"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1960",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1960"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

136
2013/2xxx/CVE-2013-2104.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2104",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires."
"value": "CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation"
}
]
},
@ -44,43 +21,108 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "1:0.2.3-2.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130528 [OSSA 2013-014] Missing expiration check in Keystone PKI tokens validation (CVE-2013-2104)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/28/7"
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html"
},
{
"name": "USN-1851-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1851-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0944.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0944.html"
},
{
"name": "RHSA-2013:0944",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0944.html"
"url": "http://www.openwall.com/lists/oss-security/2013/05/28/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/05/28/7"
},
{
"name": "openSUSE-SU-2013:1089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html"
"url": "http://www.ubuntu.com/usn/USN-1851-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1851-1"
},
{
"name": "https://bugs.launchpad.net/python-keystoneclient/+bug/1179615",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/python-keystoneclient/+bug/1179615"
"url": "http://www.ubuntu.com/usn/USN-1875-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1875-1"
},
{
"name": "USN-1875-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1875-1"
"url": "https://access.redhat.com/errata/RHSA-2013:0944",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0944"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2104",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2104"
},
{
"url": "https://bugs.launchpad.net/python-keystoneclient/+bug/1179615",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/python-keystoneclient/+bug/1179615"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=965852",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=965852"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

166
2016/8xxx/CVE-2016-8630.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8630",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction."
"value": "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS."
}
]
},
@ -44,53 +21,136 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.10.2.rt56.435.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.10.2.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e"
},
{
"name": "94459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94459"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
},
{
"name": "RHSA-2017:0387",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
},
{
"name": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
"url": "http://www.openwall.com/lists/oss-security/2016/11/22/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/22/3"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e"
"url": "http://www.securityfocus.com/bid/94459",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94459"
},
{
"name": "[oss-security] 20161122 CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference duringinstruction decode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/22/3"
"url": "https://access.redhat.com/errata/RHSA-2017:0386",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0386"
},
{
"name": "RHSA-2017:0386",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
"url": "https://access.redhat.com/errata/RHSA-2017:0387",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0387"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8630",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8630"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350"
},
{
"url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}

212
2016/8xxx/CVE-2016-8633.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8633",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets."
"value": "A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network."
}
]
},
@ -44,68 +21,169 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.47.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.47.2.rt56.641.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
},
{
"name": "94149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94149"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/",
"url": "https://access.redhat.com/errata/RHSA-2018:0676",
"refsource": "MISC",
"url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/"
"name": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
"url": "https://access.redhat.com/errata/RHSA-2018:1062",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
},
{
"name": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac"
"url": "http://www.openwall.com/lists/oss-security/2016/11/06/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/06/1"
},
{
"name": "[oss-security] 20161106 Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/06/1"
"url": "http://www.securityfocus.com/bid/94149",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94149"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1170",
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
"url": "https://access.redhat.com/errata/RHSA-2019:1170",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1190",
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
"url": "https://access.redhat.com/errata/RHSA-2019:1190",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8633",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8633"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
},
{
"url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/",
"refsource": "MISC",
"name": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/"
},
{
"url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eyal Itkin for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

156
2016/8xxx/CVE-2016-8638.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8638",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\""
"value": "A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions."
}
]
},
@ -44,43 +21,128 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.0-13.el7_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://ipsilon-project.org/release/2.1.0.html",
"refsource": "CONFIRM",
"url": "https://ipsilon-project.org/release/2.1.0.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2809.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2809.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638"
"url": "http://www.securityfocus.com/bid/94439",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94439"
},
{
"name": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c",
"refsource": "CONFIRM",
"url": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c"
"url": "https://access.redhat.com/errata/RHSA-2016:2809",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2809"
},
{
"name": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt",
"refsource": "CONFIRM",
"url": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt"
"url": "https://access.redhat.com/security/cve/CVE-2016-8638",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8638"
},
{
"name": "94439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94439"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829"
},
{
"name": "RHSA-2016:2809",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2809.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638"
},
{
"url": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt",
"refsource": "MISC",
"name": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt"
},
{
"url": "https://ipsilon-project.org/release/2.1.0.html",
"refsource": "MISC",
"name": "https://ipsilon-project.org/release/2.1.0.html"
},
{
"url": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c",
"refsource": "MISC",
"name": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Howard Johnson and Patrick Uiterwijk (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
]
}

191
2016/8xxx/CVE-2016-8645.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8645",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."
"value": "It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash."
}
]
},
@ -44,68 +21,158 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Reachable Assertion",
"cweId": "CWE-617"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.2.1.rt56.585.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161130 Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/30/3"
"url": "https://access.redhat.com/errata/RHSA-2017:2669",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10"
},
{
"name": "94264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94264"
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/11/3"
},
{
"name": "1037285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037285"
"url": "http://www.openwall.com/lists/oss-security/2016/11/30/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/30/3"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
"url": "http://www.securityfocus.com/bid/94264",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94264"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
"url": "http://www.securitytracker.com/id/1037285",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037285"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10"
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "[oss-security] 20161111 CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/3"
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3"
"url": "https://access.redhat.com/security/cve/CVE-2016-8645",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8645"
},
{
"name": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904"
},
{
"url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Marco Grassi for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

179
2016/8xxx/CVE-2016-8646.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8646",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data."
"value": "A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set."
}
]
},
@ -44,58 +21,148 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.21.1.rt56.438.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.21.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.221.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45"
},
{
"name": "RHSA-2017:1308",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1308"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45"
"url": "http://www.openwall.com/lists/oss-security/2016/11/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/15/2"
},
{
"name": "94309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94309"
"url": "http://www.securityfocus.com/bid/94309",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94309"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6"
"url": "https://access.redhat.com/errata/RHSA-2017:1297",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1297"
},
{
"name": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45"
"url": "https://access.redhat.com/errata/RHSA-2017:1298",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1298"
},
{
"name": "RHSA-2017:1298",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1298"
"url": "https://access.redhat.com/errata/RHSA-2017:1308",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1308"
},
{
"name": "[oss-security] 20161115 CVE-2016-8646: linux kernel - oops in shash_async_export()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/15/2"
"url": "https://access.redhat.com/security/cve/CVE-2016-8646",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8646"
},
{
"name": "RHSA-2017:1297",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1297"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821"
},
{
"url": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

143
2016/8xxx/CVE-2016-8647.json
View File

@ -1,87 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8647",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ansible",
"version": {
"version_data": [
{
"version_value": "2.2.1.0"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed."
"value": "An input validation vulnerability was found in Ansible's mysql_user module which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "2.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Virtualization Engine 4.1",
"version": {
"version_data": [
{
"version_value": "0:2.3.0.0-4.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1685",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1685"
"url": "https://access.redhat.com/errata/RHSA-2017:1685",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1685"
},
{
"name": "https://github.com/ansible/ansible-modules-core/pull/5388",
"refsource": "CONFIRM",
"url": "https://github.com/ansible/ansible-modules-core/pull/5388"
"url": "https://access.redhat.com/security/cve/CVE-2016-8647",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8647"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396174",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1396174"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647"
},
{
"url": "https://github.com/ansible/ansible-modules-core/pull/5388",
"refsource": "MISC",
"name": "https://github.com/ansible/ansible-modules-core/pull/5388"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
}

165
2016/8xxx/CVE-2016-8651.json
View File

@ -1,87 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8651",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "3"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."
"value": "An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"version": {
"version_data": [
{
"version_value": "0:3.2.1.21-1.git.0.4250771.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.1.7-1.git.0.0988966.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.1.10-1.git.0.efeef8d.el7aos",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "94935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94935"
"url": "http://www.securityfocus.com/bid/94935",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94935"
},
{
"name": "RHSA-2016:2915",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:2915"
"url": "https://access.redhat.com/errata/RHSA-2016:2915",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2915"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"
"url": "https://access.redhat.com/security/cve/CVE-2016-8651",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8651"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397987",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1397987"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}

434
2016/8xxx/CVE-2016-8655.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8655",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions."
"value": "A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system."
}
]
},
@ -44,183 +21,288 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.10.2.rt56.435.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.10.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.215.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3151-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3151-3"
},
{
"name": "SUSE-SU-2016:3096",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html"
},
{
"name": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c"
},
{
"name": "SUSE-SU-2016:3206",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html"
},
{
"name": "SUSE-SU-2016:3169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html"
},
{
"name": "USN-3150-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3150-2"
},
{
"name": "USN-3149-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3149-2"
},
{
"name": "94692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94692"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "USN-3150-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3150-1"
},
{
"name": "SUSE-SU-2016:3117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html"
},
{
"name": "SUSE-SU-2016:3197",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html"
},
{
"name": "RHSA-2017:0402",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0402.html"
},
{
"name": "USN-3151-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3151-1"
},
{
"name": "RHSA-2017:0387",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c"
},
{
"name": "40871",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40871/"
},
{
"name": "USN-3149-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3149-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019"
},
{
"name": "44696",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44696/"
},
{
"name": "SUSE-SU-2016:3247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html"
},
{
"name": "USN-3151-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3151-2"
},
{
"name": "SUSE-SU-2016:3183",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html"
},
{
"name": "http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html"
"name": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
},
{
"name": "[oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/1"
"url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
},
{
"name": "USN-3152-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3152-1"
"url": "https://access.redhat.com/errata/RHSA-2017:0386",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0386"
},
{
"name": "USN-3152-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3152-2"
"url": "https://access.redhat.com/errata/RHSA-2017:0387",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0387"
},
{
"name": "RHSA-2017:0386",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c"
},
{
"name": "1037403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037403"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html"
},
{
"name": "USN-3151-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3151-4"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html"
},
{
"name": "SUSE-SU-2016:3116",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html"
},
{
"name": "SUSE-SU-2016:3113",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html"
},
{
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html"
},
{
"name": "SUSE-SU-2016:3205",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html"
},
{
"url": "http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-0402.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0402.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/06/1"
},
{
"url": "http://www.securityfocus.com/bid/94692",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94692"
},
{
"url": "http://www.securitytracker.com/id/1037403",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037403"
},
{
"url": "http://www.securitytracker.com/id/1037968",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037968"
},
{
"url": "http://www.ubuntu.com/usn/USN-3149-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3149-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-3149-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3149-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-3150-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3150-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-3150-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3150-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-3151-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3151-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-3151-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3151-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-3151-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3151-3"
},
{
"url": "http://www.ubuntu.com/usn/USN-3151-4",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3151-4"
},
{
"url": "http://www.ubuntu.com/usn/USN-3152-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3152-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-3152-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3152-2"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0402"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8655",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8655"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019"
},
{
"url": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c"
},
{
"url": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2017-03-01.html"
},
{
"url": "https://www.exploit-db.com/exploits/40871/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/40871/"
},
{
"url": "https://www.exploit-db.com/exploits/44696/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44696/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Philip Pettersson for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}

235
2016/8xxx/CVE-2016-8669.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8669",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base."
"value": "CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters"
}
]
},
@ -44,58 +21,204 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Divide By Zero",
"cweId": "CWE-369"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: char: divide by zero error in serial_update_parameters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/9"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01"
},
{
"name": "93563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93563"
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/14/9"
},
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: char: divide by zero error in serial_update_parameters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/5"
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/15/5"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "http://www.securityfocus.com/bid/93563",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93563"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8669",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8669"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384909",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384909"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank PSIRT (Huawei Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}

168
2016/9xxx/CVE-2016-9588.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9588",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest."
"value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest."
}
]
},
@ -44,63 +21,136 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncaught Exception",
"cweId": "CWE-248"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.rt56.617.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388"
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "[oss-security] 20161215 CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest lead to DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/3"
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
"url": "http://www.debian.org/security/2017/dsa-3804",
"refsource": "MISC",
"name": "http://www.debian.org/security/2017/dsa-3804"
},
{
"name": "USN-3822-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3822-2/"
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/15/3"
},
{
"name": "DSA-3804",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3804"
"url": "http://www.securityfocus.com/bid/94933",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94933"
},
{
"name": "94933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94933"
"url": "https://access.redhat.com/security/cve/CVE-2016-9588",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9588"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
},
{
"name": "USN-3822-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3822-1/"
"url": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388"
"url": "https://usn.ubuntu.com/3822-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3822-1/"
},
{
"url": "https://usn.ubuntu.com/3822-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3822-2/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}

211
2016/9xxx/CVE-2016-9911.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9911",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host."
"value": "CVE-2016-9911 Qemu: usb: ehci: memory leakage in ehci_init_transfer"
}
]
},
@ -44,43 +21,183 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection')",
"cweId": "CWE-244"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "94762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94762"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
"url": "https://security.gentoo.org/glsa/201701-49",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/12/08/5"
},
{
"name": "[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/5"
"url": "http://www.securityfocus.com/bid/94762",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94762"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-9911",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9911"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402272",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402272"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}

191
2017/12xxx/CVE-2017-12154.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12154",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through 4.13.3",
"version": {
"version_data": [
{
"version_value": "Linux kernel through 4.13.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register."
"value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS."
}
]
},
@ -44,68 +21,158 @@
"description": [
{
"lang": "eng",
"value": "incorrect access control"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.55.1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f"
"url": "http://www.debian.org/security/2017/dsa-3981",
"refsource": "MISC",
"name": "http://www.debian.org/security/2017/dsa-3981"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224"
"url": "https://access.redhat.com/errata/RHSA-2018:0676",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
"url": "https://access.redhat.com/errata/RHSA-2018:1062",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "100856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100856"
"url": "https://access.redhat.com/errata/RHSA-2019:1946",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3981"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f"
},
{
"name": "https://www.spinics.net/lists/kvm/msg155414.html",
"refsource": "CONFIRM",
"url": "https://www.spinics.net/lists/kvm/msg155414.html"
"url": "http://www.securityfocus.com/bid/100856",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100856"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
"url": "https://access.redhat.com/security/cve/CVE-2017-12154",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12154"
},
{
"name": "USN-3698-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-1/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224"
},
{
"name": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f"
"url": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f"
},
{
"name": "USN-3698-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-2/"
"url": "https://usn.ubuntu.com/3698-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3698-1/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1946",
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
"url": "https://usn.ubuntu.com/3698-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3698-2/"
},
{
"url": "https://www.spinics.net/lists/kvm/msg155414.html",
"refsource": "MISC",
"name": "https://www.spinics.net/lists/kvm/msg155414.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jim Mattson (Google.com) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}

1242
2017/12xxx/CVE-2017-12175.json
View File

File diff suppressed because it is too large Load Diff

250
2017/12xxx/CVE-2017-12190.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12190",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through v4.14-rc5",
"version": {
"version_data": [
{
"version_value": "Linux kernel through v4.14-rc5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition."
"value": "It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition."
}
]
},
@ -44,113 +21,208 @@
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-49.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.47.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.47.2.rt56.641.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
"url": "https://usn.ubuntu.com/3583-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "101911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101911"
"url": "https://usn.ubuntu.com/3583-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
"url": "https://usn.ubuntu.com/3582-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3582-1/"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
"url": "https://usn.ubuntu.com/3582-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3582-2/"
},
{
"name": "USN-3582-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-1/"
"url": "https://access.redhat.com/errata/RHSA-2018:0676",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"
"url": "https://access.redhat.com/errata/RHSA-2018:1062",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
"url": "https://access.redhat.com/errata/RHSA-2018:1854",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
"url": "https://access.redhat.com/errata/RHSA-2018:0654",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
"url": "https://access.redhat.com/errata/RHSA-2019:1170",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2018:0654",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
"url": "https://access.redhat.com/errata/RHSA-2019:1190",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
},
{
"name": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
"url": "http://seclists.org/oss-sec/2017/q4/52",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q4/52"
},
{
"name": "http://seclists.org/oss-sec/2017/q4/52",
"refsource": "CONFIRM",
"url": "http://seclists.org/oss-sec/2017/q4/52"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
"url": "http://www.securityfocus.com/bid/101911",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101911"
},
{
"name": "USN-3582-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-2/"
"url": "https://access.redhat.com/security/cve/CVE-2017-12190",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12190"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1170",
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1190",
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
"url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&utm_medium=RSS"
"url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
},
{
"url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vitaly Mayatskih for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}

212
2017/12xxx/CVE-2017-12192.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12192",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation."
"value": "A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel."
}
]
},
@ -44,53 +21,156 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.30.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.17.1.rt56.636.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.17.1.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-49.el7a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "RHSA-2018:0151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"
},
{
"name": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"
},
{
"name": "https://lkml.org/lkml/2017/9/18/764",
"url": "https://usn.ubuntu.com/3583-1/",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2017/9/18/764"
"name": "https://usn.ubuntu.com/3583-1/"
},
{
"url": "https://usn.ubuntu.com/3583-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-2/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0654",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0151",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"
},
{
"url": "http://seclists.org/oss-sec/2017/q4/63",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q4/63"
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:2430",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:2430"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12192",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12192"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
},
{
"url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"
},
{
"url": "https://lkml.org/lkml/2017/9/18/764",
"refsource": "MISC",
"name": "https://lkml.org/lkml/2017/9/18/764"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

162
2017/12xxx/CVE-2017-12193.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12193",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel since 3.13 up to 4.14 (not including)",
"version": {
"version_data": [
{
"version_value": "Linux kernel since 3.13 up to 4.14 (not including)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations."
"value": "A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. This affects the keyring key type and thus key addition and link creation operations may cause the kernel to panic."
}
]
},
@ -44,53 +21,132 @@
"description": [
{
"lang": "eng",
"value": "CWE-476"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.17.1.rt56.636.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.17.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11"
"url": "https://access.redhat.com/errata/RHSA-2018:0151",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"name": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
"url": "https://access.redhat.com/errata/RHSA-2018:0152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"name": "101678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101678"
"url": "https://access.redhat.com/errata/RHSA-2018:0181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215"
"url": "https://usn.ubuntu.com/3698-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "RHSA-2018:0151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
"url": "https://usn.ubuntu.com/3698-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3698-2/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
},
{
"name": "USN-3698-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-1/"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11"
},
{
"name": "USN-3698-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-2/"
"url": "http://www.securityfocus.com/bid/101678",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101678"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12193",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12193"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215"
},
{
"url": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Heming Cui (University of Hong Kong), and Shixiong Zhao (University of Hong Kong) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}

1423
2017/12xxx/CVE-2017-12195.json
View File

File diff suppressed because it is too large Load Diff