admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 23:01:19 +00:00
parent d1f556e917
commit 7d86bc9ef2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
57 changed files with 1686 additions and 3040 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
2016/5xxx/CVE-2016-5238.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5238",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160601 Re: [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160531 [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html"
"url": "http://www.ubuntu.com/usn/USN-3047-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160602 CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/2"
"url": "http://www.ubuntu.com/usn/USN-3047-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/02/2"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/02/9"
},
{
"name": "90995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90995"
"url": "http://www.securityfocus.com/bid/90995",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90995"
},
{
"name": "[oss-security] 20160602 Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/9"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931"
}
]
}

109
2016/5xxx/CVE-2016-5338.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5338",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html"
"url": "http://www.ubuntu.com/usn/USN-3047-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/14"
"url": "http://www.ubuntu.com/usn/USN-3047-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
"url": "http://www.openwall.com/lists/oss-security/2016/06/07/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/07/3"
},
{
"name": "91079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91079"
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/14",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/08/14"
},
{
"name": "[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/07/3"
"url": "http://www.securityfocus.com/bid/91079",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91079"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html"
}
]
}

109
2016/5xxx/CVE-2016-5362.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5362",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1473"
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
},
{
"name": "[oss-security] 20160610 CVE request for vulnerability in OpenStack Neutron",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
},
{
"name": "[oss-security] 20160610 Re: CVE request for vulnerability in OpenStack Neutron",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
"url": "https://access.redhat.com/errata/RHSA-2016:1473",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1473"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2016-009.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2016-009.html"
"url": "https://access.redhat.com/errata/RHSA-2016:1474",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1474"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1558658",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/neutron/+bug/1558658"
"url": "https://security.openstack.org/ossa/OSSA-2016-009.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2016-009.html"
},
{
"name": "https://review.openstack.org/#/c/303572/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/303572/"
"url": "https://bugs.launchpad.net/neutron/+bug/1558658",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/neutron/+bug/1558658"
},
{
"name": "https://review.openstack.org/#/c/300202/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/300202/"
"url": "https://review.openstack.org/#/c/300202/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/300202/"
},
{
"name": "RHSA-2016:1474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1474"
"url": "https://review.openstack.org/#/c/303563/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/303563/"
},
{
"name": "https://review.openstack.org/#/c/303563/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/303563/"
"url": "https://review.openstack.org/#/c/303572/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/303572/"
}
]
}

132
2016/5xxx/CVE-2016-5388.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
"value": "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,65 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:6.0.24-98.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:7.0.54-8.el7_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Web Server 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.4.6-62.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:7.0.59-51_patch_01.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:8.0.18-62_patch_01.ep7.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Web Server 3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.4.6-62.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:7.0.59-51_patch_01.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:8.0.18-62_patch_01.ep7.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -168,11 +118,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036331"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1624",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1624"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1635",
"refsource": "MISC",
@ -183,26 +128,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1636"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2046"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5388",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5388"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353809",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353809"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"refsource": "MISC",
@ -254,50 +179,5 @@
"name": "https://www.apache.org/security/asf-httpoxy-response.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
]
}
}

79
2016/5xxx/CVE-2016-5390.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5390",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://projects.theforeman.org/issues/15653",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/15653"
"url": "http://projects.theforeman.org/issues/15653",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/15653"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728"
"url": "http://www.securityfocus.com/bid/91770",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91770"
},
{
"name": "https://theforeman.org/security.html#2016-5390",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-5390"
"url": "https://theforeman.org/security.html#2016-5390",
"refsource": "MISC",
"name": "https://theforeman.org/security.html#2016-5390"
},
{
"name": "91770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91770"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728"
}
]
}

79
2016/5xxx/CVE-2016-5391.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5391",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-d46685629d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/"
"url": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt",
"refsource": "MISC",
"name": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt"
},
{
"name": "FEDORA-2016-26a03340e6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/"
},
{
"name": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt",
"refsource": "CONFIRM",
"url": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183"
}
]
}

63
2016/5xxx/CVE-2016-5392.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their information."
"value": "The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.2.1.7-1.git.0.2702170.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -64,61 +63,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1427"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5392",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5392"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356195",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1356195"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Yanping Zhang (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
}

79
2016/5xxx/CVE-2016-5398.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5398",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "93219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93219"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1968.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1968.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1969.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1969.html"
},
{
"name": "RHSA-2016:1969",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1969.html"
"url": "http://www.securityfocus.com/bid/93219",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93219"
},
{
"name": "RHSA-2016:1968",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1968.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523"
}
]
}

174
2016/5xxx/CVE-2016-5399.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application."
"value": "The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Detection of Error Condition Without Action",
"cweId": "CWE-390"
"value": "n/a"
}
]
}
@ -32,111 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:5.4.16-42.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.3-1.el6",
"version_affected": "!"
},
{
"version_value": "0:5.6.25-1.el6",
"version_affected": "!"
},
{
"version_value": "1:1.9.5-4.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
"version": {
"version_data": [
{
"version_value": "0:2.3-1.el6",
"version_affected": "!"
},
{
"version_value": "0:5.6.25-1.el6",
"version_affected": "!"
},
{
"version_value": "1:1.9.5-4.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.6.25-1.el7",
"version_affected": "!"
},
{
"version_value": "1:1.9.5-4.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS",
"version": {
"version_data": [
{
"version_value": "0:2.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.6.25-1.el7",
"version_affected": "!"
},
{
"version_value": "1:1.9.5-4.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS",
"version": {
"version_data": [
{
"version_value": "0:2.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.6.25-1.el7",
"version_affected": "!"
},
{
"version_value": "1:1.9.5-4.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -204,31 +108,11 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036430"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2598",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2598"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2750",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2750"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5399",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5399"
},
{
"url": "https://bugs.php.net/bug.php?id=72613",
"refsource": "MISC",
"name": "https://bugs.php.net/bug.php?id=72613"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180112-0001/",
"refsource": "MISC",
@ -238,51 +122,11 @@
"url": "https://www.exploit-db.com/exploits/40155/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/40155/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Hans Jerry Illikainen for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395"
}
]
}

115
2016/5xxx/CVE-2016-5400.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5400",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3070-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-1"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848"
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/07/25/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184"
"url": "http://www.securityfocus.com/bid/92104",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92104"
},
{
"name": "USN-3070-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-3"
"url": "http://www.securitytracker.com/id/1036432",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036432"
},
{
"name": "[oss-security] 20160725 CVE-2016-5400 - linux kernel: denial of service in airspy USB driver.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/1"
"url": "http://www.ubuntu.com/usn/USN-3070-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3070-1"
},
{
"name": "USN-3070-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-2"
"url": "http://www.ubuntu.com/usn/USN-3070-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3070-2"
},
{
"name": "1036432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036432"
"url": "http://www.ubuntu.com/usn/USN-3070-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3070-3"
},
{
"name": "USN-3070-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-4"
"url": "http://www.ubuntu.com/usn/USN-3070-4",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3070-4"
},
{
"name": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848"
"url": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848"
},
{
"name": "92104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92104"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184"
}
]
}

61
2016/5xxx/CVE-2016-5401.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5401",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731"
}
]
}

56
2016/5xxx/CVE-2016-5402.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code ('Code Injection')",
"value": "CWE-94",
"cweId": "CWE-94"
}
]
@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.6",
"product_name": "cfme",
"version": {
"version_data": [
{
"version_value": "0:5.6.3.3-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7cf",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -68,21 +64,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94612"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2839",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2839"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5402",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5402"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357559",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1357559"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402",
"refsource": "MISC",
@ -90,35 +71,8 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Simon Lukasik (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",

109
2016/5xxx/CVE-2016-5406.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5406",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1841",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
},
{
"name": "RHSA-2016:1838",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
"url": "https://access.redhat.com/errata/RHSA-2017:3454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
"url": "https://access.redhat.com/errata/RHSA-2017:3455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
"url": "https://access.redhat.com/errata/RHSA-2017:3456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2016:1839",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
"url": "https://access.redhat.com/errata/RHSA-2017:3458",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2016:1840",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014"
}
]
}

67
2016/5xxx/CVE-2016-5409.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5409",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461"
"url": "http://www.securityfocus.com/bid/97988",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97988"
},
{
"name": "97988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97988"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461"
}
]
}

67
2016/5xxx/CVE-2016-5411.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5411",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412"
"url": "http://www.securityfocus.com/bid/92669",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92669"
},
{
"name": "92669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92669"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412"
}
]
}

68
2016/5xxx/CVE-2016-5412.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode"
"value": "arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -59,11 +58,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3",
"refsource": "MISC",
@ -79,16 +73,6 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/07/28/2"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5412",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5412"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916"
},
{
"url": "https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3",
"refsource": "MISC",
@ -98,45 +82,11 @@
"url": "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916"
}
]
}

84
2016/5xxx/CVE-2016-5416.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information."
"value": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.2.11.15-84.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.3.5.10-11.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -75,76 +63,16 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2765.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2594",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2594"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2765",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2765"
},
{
"url": "http://www.securityfocus.com/bid/99097",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/99097"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5416",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5416"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349540",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349540"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Viktor Ashirov (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
}

67
2016/5xxx/CVE-2016-5422.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5422",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1785",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1785.html"
},
{
"name": "92722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92722"
"url": "http://www.securityfocus.com/bid/92722",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92722"
}
]
}

72
2016/5xxx/CVE-2016-5432.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the \u201c\u2014provision*db\u201d options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords."
"value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RHEV Engine version 4.0",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:4.0.4.4-1",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -65,69 +64,14 @@
"name": "http://www.securityfocus.com/bid/92694"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1967",
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1967"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5432",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5432"
"name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
"refsource": "MISC",
"name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Yedidyah Bar David (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}

224
2016/5xxx/CVE-2016-5699.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values."
"value": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,153 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.6-66.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.7.5-38.el7_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.8-18.el6",
"version_affected": "!"
},
{
"version_value": "0:3.3.2-18.el6",
"version_affected": "!"
},
{
"version_value": "0:3.4.2-14.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS",
"version": {
"version_data": [
{
"version_value": "0:2.7.8-18.el6",
"version_affected": "!"
},
{
"version_value": "0:3.3.2-18.el6",
"version_affected": "!"
},
{
"version_value": "0:3.4.2-14.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
"version": {
"version_data": [
{
"version_value": "0:2.7.8-18.el6",
"version_affected": "!"
},
{
"version_value": "0:3.3.2-18.el6",
"version_affected": "!"
},
{
"version_value": "0:3.4.2-14.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.5.1-9.el7",
"version_affected": "!"
},
{
"version_value": "0:2.7.8-16.el7",
"version_affected": "!"
},
{
"version_value": "0:3.3.2-16.el7",
"version_affected": "!"
},
{
"version_value": "0:3.4.2-13.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS",
"version": {
"version_data": [
{
"version_value": "0:3.5.1-9.el7",
"version_affected": "!"
},
{
"version_value": "0:2.7.8-16.el7",
"version_affected": "!"
},
{
"version_value": "0:3.3.2-16.el7",
"version_affected": "!"
},
{
"version_value": "0:3.4.2-13.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS",
"version": {
"version_data": [
{
"version_value": "0:3.5.1-9.el7",
"version_affected": "!"
},
{
"version_value": "0:2.7.8-16.el7",
"version_affected": "!"
},
{
"version_value": "0:3.3.2-16.el7",
"version_affected": "!"
},
{
"version_value": "0:3.4.2-13.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -236,31 +98,6 @@
"refsource": "MISC",
"name": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1626",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1626"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1627",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1627"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1628",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1628"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1629",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1629"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1630",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1630"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html",
"refsource": "MISC",
@ -291,16 +128,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91226"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5699",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5699"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303699",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303699"
},
{
"url": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4",
"refsource": "MISC",
@ -322,44 +149,5 @@
"name": "https://hg.python.org/cpython/rev/bf3e1c9b80e9"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}
}

97
2016/6xxx/CVE-2016-6318.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6318",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160816 cracklib: Stack-based buffer overflow when parsing large GECOS field",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/16/2"
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "openSUSE-SU-2016:2204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html"
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "92478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92478"
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html"
},
{
"name": "GLSA-201612-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-25"
"url": "http://www.openwall.com/lists/oss-security/2016/08/16/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/16/2"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2220-1] cracklib2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html"
"url": "http://www.securityfocus.com/bid/92478",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92478"
},
{
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html"
},
{
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
"url": "https://security.gentoo.org/glsa/201612-25",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201612-25"
}
]
}

122
2016/6xxx/CVE-2016-6328.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6328",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libexif",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,60 +15,87 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.1/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
"value": "CWE-190",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "libexif",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328"
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4277-1",
"url": "https://usn.ubuntu.com/4277-1/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0793",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
"url": "https://security.gentoo.org/glsa/202007-05",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202007-05"
},
{
"refsource": "GENTOO",
"name": "GLSA-202007-05",
"url": "https://security.gentoo.org/glsa/202007-05"
"url": "https://usn.ubuntu.com/4277-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4277-1/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.0"
}
]
}

63
2016/6xxx/CVE-2016-6338.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period."
"value": "ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Virtualization Engine 4.1",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:4.1.8.2-1",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -64,61 +63,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3427"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-6338",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-6338"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Greg Sheremeta (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}
}

103
2016/6xxx/CVE-2016-6351.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6351",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3"
"url": "http://www.ubuntu.com/usn/USN-3047-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
"url": "http://www.ubuntu.com/usn/USN-3047-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/14"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11"
},
{
"name": "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/7"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11"
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/14",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/07/25/14"
},
{
"name": "92119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92119"
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/07/26/7"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "http://www.securityfocus.com/bid/92119",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92119"
}
]
}

109
2016/6xxx/CVE-2016-6828.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection."
"value": "The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "n/a"
}
]
}
@ -32,42 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-642.13.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.6.1.rt56.429.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.6.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.210.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -90,11 +63,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0036.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0036",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0036"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4",
"refsource": "MISC",
@ -130,31 +98,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92452"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0086",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0086"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0091",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0091"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0113",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0113"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-6828",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-6828"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091"
},
{
"url": "https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4",
"refsource": "MISC",
@ -164,45 +107,11 @@
"url": "https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html",
"refsource": "MISC",
"name": "https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091"
}
]
}

95
2017/12xxx/CVE-2017-12149.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-29T00:00:00",
"ID": "CVE-2017-12149",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jbossas",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,38 +21,63 @@
"description": [
{
"lang": "eng",
"value": "CWE-502"
"value": "CWE-502",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "jbossas",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220"
},
{
"name": "RHSA-2018:1608",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1608"
},
{
"name": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149",
"url": "http://www.securityfocus.com/bid/100591",
"refsource": "MISC",
"url": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149"
"name": "http://www.securityfocus.com/bid/100591"
},
{
"name": "100591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100591"
"url": "https://access.redhat.com/errata/RHSA-2018:1607",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1607"
},
{
"name": "RHSA-2018:1607",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1607"
"url": "https://access.redhat.com/errata/RHSA-2018:1608",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1608"
},
{
"url": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149",
"refsource": "MISC",
"name": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220"
}
]
}

112
2017/12xxx/CVE-2017-12153.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12153",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel since v3.1-rc1 through v4.13",
"version": {
"version_data": [
{
"version_value": "kernel since v3.1-rc1 through v4.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,58 +21,83 @@
"description": [
{
"lang": "eng",
"value": "CWE-476"
"value": "CWE-476",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel since v3.1-rc1 through v4.13",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "kernel since v3.1-rc1 through v4.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888"
"url": "http://seclists.org/oss-sec/2017/q3/437",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q3/437"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1058410",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1058410"
"url": "http://www.debian.org/security/2017/dsa-3981",
"refsource": "MISC",
"name": "http://www.debian.org/security/2017/dsa-3981"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
"url": "http://www.securityfocus.com/bid/100855",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100855"
},
{
"name": "100855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100855"
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1058410",
"refsource": "MISC",
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1058410"
},
{
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3981"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
"url": "https://marc.info/?t=150525503100001&r=1&w=2",
"refsource": "MISC",
"name": "https://marc.info/?t=150525503100001&r=1&w=2"
},
{
"name": "http://seclists.org/oss-sec/2017/q3/437",
"refsource": "CONFIRM",
"url": "http://seclists.org/oss-sec/2017/q3/437"
"url": "https://usn.ubuntu.com/3583-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046"
"url": "https://usn.ubuntu.com/3583-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "https://marc.info/?t=150525503100001&r=1&w=2",
"refsource": "CONFIRM",
"url": "https://marc.info/?t=150525503100001&r=1&w=2"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046"
}
]
}

84
2017/12xxx/CVE-2017-12154.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS."
"value": "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
"value": "incorrect access control"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel through 4.13.3",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.55.1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel through 4.13.3"
}
]
}
@ -99,16 +83,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100856"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12154",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12154"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224"
},
{
"url": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
"refsource": "MISC",
@ -128,51 +102,11 @@
"url": "https://www.spinics.net/lists/kvm/msg155414.html",
"refsource": "MISC",
"name": "https://www.spinics.net/lists/kvm/msg155414.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jim Mattson (Google.com) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224"
}
]
}

71
2017/12xxx/CVE-2017-12161.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-02-16T00:00:00",
"ID": "CVE-2017-12161",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Keycloak",
"version": {
"version_data": [
{
"version_value": "before 3.4.2.Final"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-602"
"value": "CWE-602",
"cweId": "CWE-602"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Keycloak",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before 3.4.2.Final"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564"
"url": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770",
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770"
},
{
"name": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770",
"refsource": "CONFIRM",
"url": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564"
}
]
}

75
2017/12xxx/CVE-2017-12163.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker."
"value": "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
@ -32,53 +32,28 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Samba",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "Samba",
"version": {
"version_data": [
{
"version_value": "0:3.6.23-45.el6_9",
"version_affected": "!"
"version_affected": "=",
"version_value": "4.7"
},
{
"version_value": "0:4.2.10-11.el6_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
"version_affected": "=",
"version_value": "4.6.8"
},
{
"version_value": "0:4.6.2-11.el7_4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"version": {
"version_data": [
"version_affected": "=",
"version_value": "4.5.14"
},
{
"version_value": "0:4.6.3-6.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:4.6.3-6.el7rhgs",
"version_affected": "!"
"version_affected": "=",
"version_value": "4.4.16"
}
]
}
@ -121,16 +96,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2858"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12163",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12163"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491206",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491206"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163",
"refsource": "MISC",
@ -168,18 +133,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "As this is an SMB1-only vulnerability, it can be avoided by setting the server to only use SMB2 via adding:\n\nserver min protocol = SMB2_02\n\nto the [global] section of your smb.conf and restarting smbd."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jeremy Allison (Google), Stefan Metzmacher (SerNet), and Yihan Lian and Zhibin Hu (Qihoo 360 Gear Team) for reporting this issue."
}
],
"impact": {
"cvss": [
{

98
2017/12xxx/CVE-2017-12164.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12164",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gdm",
"version": {
"version_data": [
{
"version_value": "3.24.1"
}
]
}
}
]
},
"vendor_name": "GNOME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,39 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.1/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-592"
"value": "CWE-592",
"cweId": "CWE-592"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GNOME",
"product": {
"product_data": [
{
"product_name": "gdm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.24.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28",
"refsource": "CONFIRM",
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}

146
2017/12xxx/CVE-2017-12167.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-12167",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EAP-7",
"version": {
"version_data": [
{
"version_value": "7.0.9"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,79 +15,112 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
"value": "CWE-732",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "EAP-7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
"url": "https://access.redhat.com/errata/RHSA-2017:3454",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
"url": "https://access.redhat.com/errata/RHSA-2017:3455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2018:0004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0004"
"url": "https://access.redhat.com/errata/RHSA-2017:3456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "100903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100903"
"url": "https://access.redhat.com/errata/RHSA-2017:3458",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
"url": "https://access.redhat.com/errata/RHSA-2018:0002",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0002"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
"url": "https://access.redhat.com/errata/RHSA-2018:0003",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0003"
},
{
"name": "RHSA-2018:0003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0003"
"url": "https://access.redhat.com/errata/RHSA-2018:0004",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0004"
},
{
"name": "RHSA-2018:0005",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0005"
"url": "https://access.redhat.com/errata/RHSA-2018:0005",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0005"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167"
"url": "http://www.securityfocus.com/bid/100903",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/100903"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}

51
2019/19xxx/CVE-2019-19352.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"value": "CWE-266",
"cweId": "CWE-266"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.4",
"product_name": "operator-framework/presto",
"version": {
"version_data": [
{
"version_value": "v4.4.0-202004261927",
"version_affected": "!"
"version_affected": "=",
"version_value": "as shipped in Red Hat Openshift 4"
}
]
}
@ -59,50 +59,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"url": "https://access.redhat.com/articles/4859371",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1942",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1942"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-19352",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-19352"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793281",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793281"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

56
2019/19xxx/CVE-2019-19353.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19353",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "as shipped in Red Hat Openshift 4"
}
]
@ -30,42 +52,22 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279"
},
{
"url": "https://access.redhat.com/articles/4859371",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371",
"url": "https://access.redhat.com/articles/4859371"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
"name": "https://access.redhat.com/articles/4859371"
}
]
}

46
2019/19xxx/CVE-2019-19354.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"value": "CWE-266",
"cweId": "CWE-266"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.4",
"product_name": "operator-framework/hadoop",
"version": {
"version_data": [
{
"version_value": "v4.4.0-202004261927",
"version_affected": "!"
"version_affected": "=",
"version_value": "as shipped in Red Hat Openshift 4"
}
]
}
@ -64,45 +64,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1938",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1938"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-19354",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-19354"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793278",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793278"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

68
2019/19xxx/CVE-2019-19355.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"value": "CWE-266",
"cweId": "CWE-266"
}
]
@ -36,34 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.1",
"product_name": "openshift",
"version": {
"version_data": [
{
"version_value": "v4.1.41-202004151639",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.2",
"version": {
"version_data": [
{
"version_value": "v4.2.27-202003301126",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.3",
"version": {
"version_data": [
{
"version_value": "v4.3.5-202003020549",
"version_affected": "!"
"version_affected": "=",
"version_value": "Openshift 4"
}
]
}
@ -76,36 +54,6 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/articles/4859371",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1280",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1280"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1545",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1545"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-19355",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-19355"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793277",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793277"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355",
"refsource": "MISC",
@ -113,12 +61,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{

134
2019/3xxx/CVE-2019-3805.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3805",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-364",
"cweId": "CWE-364"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "affects up to 16.0.0.Final"
}
]
@ -30,78 +52,66 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-364"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2019:1106",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1107",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1108",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1140",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2413",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0727",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1107",
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1108",
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1106",
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1140",
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190517-0004/",
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2413",
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0727",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root."
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20190517-0004/"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
}

31
2019/3xxx/CVE-2019-3811.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot()."
"value": "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable."
}
]
},
@ -21,7 +21,16 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"value": "CWE-552",
"cweId": "CWE-552"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
@ -32,16 +41,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The sssd Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "sssd",
"version": {
"version_data": [
{
"version_value": "0:1.16.4-21.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.1"
}
]
}
@ -74,16 +83,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2177"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-3811",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-3811"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811",
"refsource": "MISC",

48
2020/10xxx/CVE-2020-10728.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10728",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to and including 2.0.4-1"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674"
}
]
}

92
2020/25xxx/CVE-2020-25673.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25673",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
@ -30,57 +52,37 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket",
"url": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-1c170a7c7c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-21360476b6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-d56567bdab",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/11/01/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/11/01/1",
"url": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
"name": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210702-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210702-0008/"
}
]
},
"description": {
"description_data": [
"url": "http://www.openwall.com/lists/oss-security/2020/11/01/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
},
{
"lang": "eng",
"value": "A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210702-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210702-0008/"
}
]
}

62
2020/25xxx/CVE-2020-25678.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. The highest threat from this vulnerability is to confidentiality."
"value": "A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information",
"value": "CWE-312",
"cweId": "CWE-312"
}
]
@ -32,28 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Ceph Storage 4.2",
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "2:14.2.11-147.el7cp",
"version_affected": "!"
},
{
"version_value": "0:4.0.49.2-1.el8cp",
"version_affected": "!"
},
{
"version_value": "0:2.6.3-3.el8cp",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-3.el8cp",
"version_affected": "!"
"version_affected": "=",
"version_value": "ceph versions prior to 16.y.z"
}
]
}
@ -66,26 +54,16 @@
},
"references": {
"reference_data": [
{
"url": "https://tracker.ceph.com/issues/37503",
"refsource": "MISC",
"name": "https://tracker.ceph.com/issues/37503"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:1452",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1452"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-25678",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-25678"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109"
},
{
"url": "https://tracker.ceph.com/issues/37503",
"refsource": "MISC",
"name": "https://tracker.ceph.com/issues/37503"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/",
"refsource": "MISC",
@ -97,23 +75,5 @@
"name": "https://security.gentoo.org/glsa/202105-39"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}

74
2020/25xxx/CVE-2020-25689.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25689",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to 21.0.0.Final"
}
]
@ -30,48 +52,36 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201123-0006/",
"url": "https://security.netapp.com/advisory/ntap-20201123-0006/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability."
"url": "https://security.netapp.com/advisory/ntap-20201123-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20201123-0006/"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}
}

48
2020/25xxx/CVE-2020-25691.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25691",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755",
"cweId": "CWE-755"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions up to and including darkhttpd-1.13-1"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725"
}
]
}

69
2020/25xxx/CVE-2020-25697.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25697",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
@ -30,52 +52,27 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20201109 The importance of mutual authentication: Local Privilege Escalation in X11",
"url": "http://www.openwall.com/lists/oss-security/2020/11/09/3"
},
{
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"url": "https://seclists.org/oss-sec/2020/q4/105",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2020/q4/105",
"url": "https://seclists.org/oss-sec/2020/q4/105"
"name": "https://seclists.org/oss-sec/2020/q4/105"
},
{
"url": "http://www.openwall.com/lists/oss-security/2020/11/09/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/11/09/3",
"url": "http://www.openwall.com/lists/oss-security/2020/11/09/3"
"name": "http://www.openwall.com/lists/oss-security/2020/11/09/3"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295"
}
]
},
"description": {
"description_data": [
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295"
},
{
"lang": "eng",
"value": "A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to."
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
]
}

56
2020/27xxx/CVE-2020-27795.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27795",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908 - Use of Uninitialized Resource",
"cweId": "CWE-908"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in v4.4.0."
}
]
@ -30,42 +52,22 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908 - Use of Uninitialized Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/radareorg/radare2/issues/16215",
"refsource": "MISC",
"name": "https://github.com/radareorg/radare2/issues/16215",
"url": "https://github.com/radareorg/radare2/issues/16215"
"name": "https://github.com/radareorg/radare2/issues/16215"
},
{
"url": "https://github.com/radareorg/radare2/pull/16230",
"refsource": "MISC",
"name": "https://github.com/radareorg/radare2/pull/16230",
"url": "https://github.com/radareorg/radare2/pull/16230"
"name": "https://github.com/radareorg/radare2/pull/16230"
},
{
"url": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22",
"refsource": "MISC",
"name": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22",
"url": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn)."
"name": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22"
}
]
}

114
2020/27xxx/CVE-2020-27815.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27815",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.9.6"
}
]
@ -30,77 +52,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20201201 CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree",
"url": "http://www.openwall.com/lists/oss-security/2020/11/30/5"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20201228 Re: CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree",
"url": "http://www.openwall.com/lists/oss-security/2020/12/28/1"
},
{
"refsource": "DEBIAN",
"name": "DSA-4843",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668,",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668,"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c"
},
{
"url": "http://www.openwall.com/lists/oss-security/2020/11/30/5",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/11/30/5,",
"url": "https://www.openwall.com/lists/oss-security/2020/11/30/5,"
"name": "http://www.openwall.com/lists/oss-security/2020/11/30/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2020/12/28/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/12/28/1,",
"url": "https://www.openwall.com/lists/oss-security/2020/12/28/1,"
"name": "http://www.openwall.com/lists/oss-security/2020/12/28/1"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210702-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210702-0004/"
}
]
},
"description": {
"description_data": [
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"lang": "eng",
"value": "A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210702-0004/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210702-0004/"
},
{
"url": "https://www.debian.org/security/2021/dsa-4843",
"refsource": "MISC",
"name": "https://www.debian.org/security/2021/dsa-4843"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/11/30/5%2C",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/11/30/5%2C"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/12/28/1%2C",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/12/28/1%2C"
}
]
}

78
2020/27xxx/CVE-2020-27820.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"value": "CWE-416",
"cweId": "CWE-416"
}
]
@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-372.9.1.rt7.166.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-372.9.1.el8",
"version_affected": "!"
"version_affected": "=",
"version_value": "to be fixed in RHEL-9 release"
}
]
}
@ -59,45 +55,15 @@
"references": {
"reference_data": [
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:1975",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:1988",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1988"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-27820",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-27820"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
},
{
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/",
"refsource": "MISC",
@ -114,35 +80,5 @@
"name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To mitigate this issue, prevent the module nouveau from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeremy Cline (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
}

50
2020/27xxx/CVE-2020-27822.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27822",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, 21.0.0.Final"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability."
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060"
}
]
}

54
2020/27xxx/CVE-2020-27833.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27833",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to & including openshift-clients-4.7.0-202104250659.p0.git.95881af"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://access.redhat.com/security/cve/CVE-2020-27833",
"url": "https://access.redhat.com/security/cve/CVE-2020-27833"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-27833",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected."
"name": "https://access.redhat.com/security/cve/CVE-2020-27833"
}
]
}

52
2020/35xxx/CVE-2020-35492.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability."
"value": "A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"value": "CWE-121",
"cweId": "CWE-121"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "cairo",
"version": {
"version_data": [
{
"version_value": "0:1.15.12-6.el8",
"version_affected": "!"
"version_affected": "=",
"version_value": "All cairo versions"
}
]
}
@ -54,51 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:1961",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:1961"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-35492",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-35492"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Stephan Bergmann (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

48
2020/35xxx/CVE-2020-35501.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35501",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "affecting all versions up to kernel 5.17"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577"
}
]
}

54
2020/35xxx/CVE-2020-35503.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35503",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All QEMU versions before and including 6.0"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210720-0008/"
}
]
}

94
2020/35xxx/CVE-2020-35508.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Initialization",
"value": "CWE-665",
"cweId": "CWE-665"
}
]
@ -32,35 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-305.rt7.72.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-305.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-193.60.2.rt13.112.el8_2",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-193.60.2.el8_2",
"version_affected": "!"
"version_affected": "=",
"version_value": "kernel 5.12"
}
]
}
@ -73,76 +54,21 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:1578",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1578"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:1739",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1739"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2718",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2718"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2719",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2719"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-35508",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-35508"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
},
{
"url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210513-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210513-0006/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eddy Wu (trendmicro.com) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
}

48
2020/35xxx/CVE-2020-35509.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35509",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.3, 12.0.0"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/cve-2020-35509",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2020-35509",
"url": "https://access.redhat.com/security/cve/cve-2020-35509"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity."
"name": "https://access.redhat.com/security/cve/cve-2020-35509"
}
]
}

48
2020/35xxx/CVE-2020-35514.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35514",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Unspecified"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"
}
]
}

93
2020/35xxx/CVE-2020-35517.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
"value": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management",
"value": "CWE-269",
"cweId": "CWE-269"
}
]
@ -32,38 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advanced Virtualization for RHEL 8.2.1",
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "8020120210211153838.863bb0db",
"version_affected": "!"
}
]
}
},
{
"product_name": "Advanced Virtualization for RHEL 8.3.1",
"version": {
"version_data": [
{
"version_value": "8030120210211160750.71132145",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8030020210210212009.229f0a1c",
"version_affected": "!"
"version_affected": "=",
"version_value": "qemu 5.2.0"
}
]
}
@ -81,6 +59,11 @@
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/01/22/1",
"refsource": "MISC",
@ -96,64 +79,10 @@
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202208-27"
},
{
"url": "https://access.redhat.com/errata/RHBA-2021:0639",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2021:0639"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:0711",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0711"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:0743",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0743"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-35517",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-35517"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210312-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210312-0002/"
},
{
"url": "https://virtio-fs.gitlab.io/",
"refsource": "MISC",
"name": "https://virtio-fs.gitlab.io/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alex Xu (alxu.ca) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

54
2020/35xxx/CVE-2020-35519.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35519",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v5.12-rc5"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210618-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210618-0009/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
"url": "https://security.netapp.com/advisory/ntap-20210618-0009/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210618-0009/"
}
]
}