admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 18:01:36 +00:00
parent ebd65ba5b2
commit 79cbd659f6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 833 additions and 399 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

222
2011/3xxx/CVE-2011-3378.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3378",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c."
"value": "CVE-2011-3378 rpm: crashes and overflows on malformed header"
}
]
},
@ -44,73 +21,188 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 3 Extended Lifecycle Support",
"version": {
"version_data": [
{
"version_value": "0:4.2.3-35_nonptl",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:4.3.3-35_nonptl.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:4.4.2.3-22.el5_7.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.3 Long Life",
"version": {
"version_data": [
{
"version_value": "0:4.4.2.3-9.el5_3.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:4.8.0-16.el6_1.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.0 EUS - Server Only",
"version": {
"version_data": [
{
"version_value": "0:4.8.0-12.el6_0.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=741612",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
"refsource": "MISC",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=741606",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
},
{
"name": "http://rpm.org/wiki/Releases/4.9.1.2#Security",
"refsource": "CONFIRM",
"url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
},
{
"name": "MDVSA-2011:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f",
"refsource": "MISC",
"name": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
},
{
"name": "[oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656",
"refsource": "MISC",
"name": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
},
{
"name": "RHSA-2011:1349",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
"url": "http://rpm.org/wiki/Releases/4.9.1.2#Security",
"refsource": "MISC",
"name": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
},
{
"name": "SUSE-SU-2011:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
},
{
"name": "openSUSE-SU-2011:1203",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
"url": "http://www.openwall.com/lists/oss-security/2011/09/27/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
},
{
"name": "USN-1695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1695-1"
"url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691"
"url": "http://www.ubuntu.com/usn/USN-1695-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
"url": "https://access.redhat.com/errata/RHSA-2011:1349",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:1349"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
"url": "https://access.redhat.com/security/cve/CVE-2011-3378",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2011-3378"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

95
2011/3xxx/CVE-2011-3606.json
View File

@ -1,9 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3606",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2011-3606 JBoss AS: DOM based XSS in the administration console"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -16,7 +40,8 @@
"version": {
"version_data": [
{
"version_value": "7 before 7.1.0 Beta 1"
"version_value": "7 before 7.1.0 Beta 1",
"version_affected": "="
}
]
}
@ -27,35 +52,22 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3606",
"url": "https://access.redhat.com/security/cve/CVE-2011-3606",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3606"
"name": "https://access.redhat.com/security/cve/CVE-2011-3606"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-3606",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-3606"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742984",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=742984"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606",
@ -63,9 +75,34 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-3606",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3606",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-3606"
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3606"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}

141
2011/4xxx/CVE-2011-4081.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4081",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket."
"value": "CVE-2011-4081 kernel: crypto: ghash: null pointer deref if no key is set"
}
]
},
@ -44,38 +21,114 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.7.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:2.6.33.9-rt31.79.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111027 Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/10/27/2"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
"url": "https://access.redhat.com/errata/RHSA-2012:0010",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:0010"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=749475",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=749475"
"url": "https://access.redhat.com/errata/RHSA-2012:0350",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:0350"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
},
{
"name": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
"url": "http://www.openwall.com/lists/oss-security/2011/10/27/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2011/10/27/2"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2011-4081",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2011-4081"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=749475",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=749475"
},
{
"url": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}

118
2012/4xxx/CVE-2012-4563.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4563",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"value": "CVE-2012-4563 GWT: unknown XSS flaw"
}
]
},
@ -44,28 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "56336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56336"
"url": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_4_0",
"refsource": "MISC",
"name": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_4_0"
},
{
"name": "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0",
"refsource": "CONFIRM",
"url": "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0"
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/31/1"
},
{
"name": "[oss-security] 20121030 Re: CVE request: XSS is Google Web Toolkit (GWT)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/1"
"url": "http://www.securityfocus.com/bid/56336",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/56336"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-4563",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4563"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886778",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=886778"
},
{
"url": "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0",
"refsource": "MISC",
"name": "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

130
2012/5xxx/CVE-2012-5485.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5485",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface."
"value": "It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface (control panel). A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user."
}
]
},
@ -44,38 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.12.2-81.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
"url": "https://access.redhat.com/errata/RHSA-2014:1194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1194"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "MISC",
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/01",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/01"
"url": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "MISC",
"name": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-5485",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-5485"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=878934",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=878934"
},
{
"url": "https://plone.org/products/plone/security/advisories/20121106/01",
"refsource": "MISC",
"name": "https://plone.org/products/plone/security/advisories/20121106/01"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}

130
2012/5xxx/CVE-2012-5486.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5486",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character."
"value": "It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. A remote attacker could use a specially crafted URL that, when processed, would cause the injected HTTP headers to be returned as a part of the Plone HTTP response, potentially allowing the attacker to perform other more advanced attacks."
}
]
},
@ -44,38 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')",
"cweId": "CWE-113"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.12.2-81.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/zope2/+bug/930812",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/zope2/+bug/930812"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/02",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/02"
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
"url": "https://access.redhat.com/errata/RHSA-2014:1194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1194"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
"url": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "MISC",
"name": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
"url": "https://access.redhat.com/security/cve/CVE-2012-5486",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-5486"
},
{
"url": "https://bugs.launchpad.net/zope2/+bug/930812",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/zope2/+bug/930812"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=878939",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=878939"
},
{
"url": "https://plone.org/products/plone/security/advisories/20121106/02",
"refsource": "MISC",
"name": "https://plone.org/products/plone/security/advisories/20121106/02"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

130
2012/5xxx/CVE-2012-5488.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5488",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject."
"value": "It was discovered that Plone, included as a part of luci, did not properly protect the privilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information."
}
]
},
@ -44,38 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"cweId": "CWE-95"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.12.2-81.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/04",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
"url": "https://access.redhat.com/errata/RHSA-2014:1194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1194"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "MISC",
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
"url": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "MISC",
"name": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-5488",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-5488"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=878945",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=878945"
},
{
"url": "https://plone.org/products/plone/security/advisories/20121106/04",
"refsource": "MISC",
"name": "https://plone.org/products/plone/security/advisories/20121106/04"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}

130
2012/5xxx/CVE-2012-5497.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5497",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL."
"value": "It was discovered that Plone, included as a part of luci, did not properly enforce permissions checks on the membership database. A remote attacker could use a specially crafted URL that, when processed, could allow the attacker to enumerate user account names."
}
]
},
@ -44,38 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.12.2-81.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
"url": "https://access.redhat.com/errata/RHSA-2014:1194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1194"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/13",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/13"
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "MISC",
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
"url": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "MISC",
"name": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-5497",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-5497"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=874681",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=874681"
},
{
"url": "https://plone.org/products/plone/security/advisories/20121106/13",
"refsource": "MISC",
"name": "https://plone.org/products/plone/security/advisories/20121106/13"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

136
2012/5xxx/CVE-2012-5498.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5498",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection."
"value": "It was discovered that Plone, included as a part of luci, did not properly handle the processing of requests for certain collections. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive I/O and/or cache resource consumption."
}
]
},
@ -44,43 +21,108 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.12.2-81.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/14",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/14"
"url": "https://access.redhat.com/errata/RHSA-2014:1194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1194"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "MISC",
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/7"
"url": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "MISC",
"name": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/09/7"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-5498",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-5498"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=874665",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=874665"
},
{
"url": "https://plone.org/products/plone/security/advisories/20121106/14",
"refsource": "MISC",
"name": "https://plone.org/products/plone/security/advisories/20121106/14"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}