diff --git a/2016/5xxx/CVE-2016-5238.json b/2016/5xxx/CVE-2016-5238.json index a1322df9b9e..a665dd856f0 100644 --- a/2016/5xxx/CVE-2016-5238.json +++ b/2016/5xxx/CVE-2016-5238.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5238", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,57 +27,81 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-3047-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3047-1" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "[qemu-devel] 20160601 Re: [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html" + "url": "https://security.gentoo.org/glsa/201609-01", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201609-01" }, { - "name": "[qemu-devel] 20160531 [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html" + "url": "http://www.ubuntu.com/usn/USN-3047-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3047-1" }, { - "name": "[oss-security] 20160602 CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/06/02/2" + "url": "http://www.ubuntu.com/usn/USN-3047-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3047-2" }, { - "name": "GLSA-201609-01", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201609-01" + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/06/02/2" }, { - "name": "USN-3047-2", - "refsource": "UBUNTU", - "url": 
"http://www.ubuntu.com/usn/USN-3047-2" + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/9", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/06/02/9" }, { - "name": "90995", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/90995" + "url": "http://www.securityfocus.com/bid/90995", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/90995" }, { - "name": "[oss-security] 20160602 Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/06/02/9" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html" }, { - "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931" } ] } diff --git a/2016/5xxx/CVE-2016-5338.json b/2016/5xxx/CVE-2016-5338.json index 69d6d2b05ff..75b40347cda 100644 --- a/2016/5xxx/CVE-2016-5338.json +++ b/2016/5xxx/CVE-2016-5338.json 
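Review bot: Every `refsource` on the new side of this reference_data hunk is collapsed to `MISC` and each `name` is replaced by the bare URL, so the CONFIRM/UBUNTU/GENTOO/MLIST/BID tags and the advisory ids (`USN-3047-1`, `GLSA-201609-01`, BID `90995`) that let a consumer tell a vendor-confirmed fix from a list thread are gone, and `name` now merely duplicates `url`. The same rewrite is applied to the reference hunks of CVE-2016-5338, -5362, -5390, -5391, -5398 and -5400. If this is a deliberate normalisation to the MITRE baseline record, the commit message should say so; otherwise keep the tags, e.g. `"refsource": "CONFIRM"` on the bugzilla.redhat.com entry and `"name": "USN-3047-1"` on the Ubuntu one.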
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5338", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,52 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "USN-3047-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3047-1" + "url": "https://security.gentoo.org/glsa/201609-01", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201609-01" }, { - "name": "[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html" + "url": "http://www.ubuntu.com/usn/USN-3047-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3047-1" }, { - "name": "[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/06/08/14" + "url": "http://www.ubuntu.com/usn/USN-3047-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3047-2" }, { - "name": "GLSA-201609-01", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201609-01" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec" }, { - "name": 
"USN-3047-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3047-2" + "url": "http://www.openwall.com/lists/oss-security/2016/06/07/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/06/07/3" }, { - "name": "91079", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91079" + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/14", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/06/08/14" }, { - "name": "[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/06/07/3" + "url": "http://www.securityfocus.com/bid/91079", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/91079" }, { - "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html" } ] } diff --git a/2016/5xxx/CVE-2016-5362.json b/2016/5xxx/CVE-2016-5362.json index fe4e010add6..f1b08b6237c 100644 --- a/2016/5xxx/CVE-2016-5362.json +++ b/2016/5xxx/CVE-2016-5362.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5362", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
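Review bot: The qemu.git reference on the new side now carries its `;` separators percent-encoded (`?p=qemu.git%3Ba=commit%3Bh=ff589551...`), and gitweb splits its parameters on a literal `;`, so this link to the fix commit may no longer resolve where the old line did. Unless the encoding is required by a downstream consumer, restore `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec"` together with the matching `name`. The `%40` in the fedoraproject list URLs of CVE-2016-5391 sits in the path rather than the query and is less likely to matter, so this entry is the one to check.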
@@ -50,52 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:1473", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2016:1473" + "url": "http://www.openwall.com/lists/oss-security/2016/06/10/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/06/10/5" }, { - "name": "[oss-security] 20160610 CVE request for vulnerability in OpenStack Neutron", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/06/10/5" + "url": "http://www.openwall.com/lists/oss-security/2016/06/10/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/06/10/6" }, { - "name": "[oss-security] 20160610 Re: CVE request for vulnerability in OpenStack Neutron", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/06/10/6" + "url": "https://access.redhat.com/errata/RHSA-2016:1473", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:1473" }, { - "name": "https://security.openstack.org/ossa/OSSA-2016-009.html", - "refsource": "CONFIRM", - "url": "https://security.openstack.org/ossa/OSSA-2016-009.html" + "url": "https://access.redhat.com/errata/RHSA-2016:1474", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:1474" }, { - "name": "https://bugs.launchpad.net/neutron/+bug/1558658", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/neutron/+bug/1558658" + "url": "https://security.openstack.org/ossa/OSSA-2016-009.html", + "refsource": "MISC", + "name": "https://security.openstack.org/ossa/OSSA-2016-009.html" }, { - "name": "https://review.openstack.org/#/c/303572/", - "refsource": "CONFIRM", - "url": 
"https://review.openstack.org/#/c/303572/" + "url": "https://bugs.launchpad.net/neutron/+bug/1558658", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/neutron/+bug/1558658" }, { - "name": "https://review.openstack.org/#/c/300202/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/300202/" + "url": "https://review.openstack.org/#/c/300202/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/300202/" }, { - "name": "RHSA-2016:1474", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2016:1474" + "url": "https://review.openstack.org/#/c/303563/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/303563/" }, { - "name": "https://review.openstack.org/#/c/303563/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/303563/" + "url": "https://review.openstack.org/#/c/303572/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/303572/" } ] } diff --git a/2016/5xxx/CVE-2016-5388.json b/2016/5xxx/CVE-2016-5388.json index 9f457c453c4..27ef9aa6557 100644 --- a/2016/5xxx/CVE-2016-5388.json +++ b/2016/5xxx/CVE-2016-5388.json 
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
+ "value": "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "n/a"
 }
 ]
 }
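Review bot: The problemtype hunk replaces `"Improper Input Validation"` and `"cweId": "CWE-20"` with `"n/a"`, and the following three hunks of this file drop the Red Hat fixed-version entries (`"version_affected": "!"`), the RHSA-2016:1624/2045/2046 errata references, the credits and both CVSS vectors, so any scanner or SBOM matcher that reads this record loses its CWE, severity and fixed-version signal. The same reduction is made to CVE-2016-5392 and CVE-2016-5399 further down. If the intent is to revert the CNA enrichment to the MITRE baseline, the commit description should state that; otherwise at least keep `"cweId": "CWE-20"` and the `impact.cvss` block so the severity stays machine-readable.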
@@ -32,65 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:6.0.24-98.el6_8", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:7.0.54-8.el7_2", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", - "version": { - "version_data": [ - { - "version_value": "0:2.4.6-62.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:7.0.59-51_patch_01.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:8.0.18-62_patch_01.ep7.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "0:2.4.6-62.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:7.0.59-51_patch_01.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:8.0.18-62_patch_01.ep7.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -168,11 +118,6 @@ "refsource": "MISC", "name": "http://www.securitytracker.com/id/1036331" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1624", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1624" - }, { "url": "https://access.redhat.com/errata/RHSA-2016:1635", "refsource": "MISC", 
@@ -183,26 +128,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2016:1636" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2045", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2045" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2046", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2046" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5388", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5388" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353809", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353809" - }, { "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", "refsource": "MISC", 
@@ -254,50 +179,5 @@ "name": "https://www.apache.org/security/asf-httpoxy-response.txt" } ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.6, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "version": "2.0" - }, - { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 3.5, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5390.json b/2016/5xxx/CVE-2016-5390.json index f22adbd084d..03d42113c1e 100644 --- a/2016/5xxx/CVE-2016-5390.json +++ b/2016/5xxx/CVE-2016-5390.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5390", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://projects.theforeman.org/issues/15653", - "refsource": "CONFIRM", - "url": "http://projects.theforeman.org/issues/15653" + "url": "http://projects.theforeman.org/issues/15653", + "refsource": "MISC", + "name": "http://projects.theforeman.org/issues/15653" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728" + "url": "http://www.securityfocus.com/bid/91770", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/91770" }, { - "name": "https://theforeman.org/security.html#2016-5390", - "refsource": "CONFIRM", - "url": "https://theforeman.org/security.html#2016-5390" + "url": "https://theforeman.org/security.html#2016-5390", + "refsource": "MISC", + "name": "https://theforeman.org/security.html#2016-5390" }, { - "name": "91770", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91770" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1355728" } ] } diff --git a/2016/5xxx/CVE-2016-5391.json b/2016/5xxx/CVE-2016-5391.json index 4e3cd173f59..e89538752ef 100644 --- a/2016/5xxx/CVE-2016-5391.json +++ b/2016/5xxx/CVE-2016-5391.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5391", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "FEDORA-2016-d46685629d", - "refsource": "FEDORA", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/" + "url": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt", + "refsource": "MISC", + "name": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt" }, { - "name": "FEDORA-2016-26a03340e6", - "refsource": "FEDORA", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/" }, { - "name": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt", - "refsource": "CONFIRM", - "url": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183", + "refsource": "MISC", + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1356183"
 }
 ]
 }
diff --git a/2016/5xxx/CVE-2016-5392.json b/2016/5xxx/CVE-2016-5392.json
index 7fe96b00644..84a0cda14ca 100644
--- a/2016/5xxx/CVE-2016-5392.json
+++ b/2016/5xxx/CVE-2016-5392.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their information."
+ "value": "The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "n/a"
 }
 ]
 }
@@ -32,16 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat OpenShift Container Platform 3.2",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:3.2.1.7-1.git.0.2702170.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -64,61 +63,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2016:1427" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5392", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5392" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356195", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1356195" } ] - }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Yanping Zhang (Red Hat)." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.8, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "COMPLETE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5398.json b/2016/5xxx/CVE-2016-5398.json index 25fbd09c23e..185256220f7 100644 --- a/2016/5xxx/CVE-2016-5398.json +++ b/2016/5xxx/CVE-2016-5398.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5398", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "93219", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93219" + "url": "http://rhn.redhat.com/errata/RHSA-2016-1968.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-1968.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523" + "url": "http://rhn.redhat.com/errata/RHSA-2016-1969.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-1969.html" }, { - "name": "RHSA-2016:1969", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-1969.html" + "url": "http://www.securityfocus.com/bid/93219", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93219" }, { - "name": "RHSA-2016:1968", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-1968.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358523" } ] } 
diff --git a/2016/5xxx/CVE-2016-5399.json b/2016/5xxx/CVE-2016-5399.json
index e1779bab442..ebe97397707 100644
--- a/2016/5xxx/CVE-2016-5399.json
+++ b/2016/5xxx/CVE-2016-5399.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application."
+ "value": "The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Detection of Error Condition Without Action",
- "cweId": "CWE-390"
+ "value": "n/a"
 }
 ]
 }
@@ -32,111 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:5.4.16-42.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", - "version": { - "version_data": [ - { - "version_value": "0:2.3-1.el6", - "version_affected": "!" - }, - { - "version_value": "0:5.6.25-1.el6", - "version_affected": "!" - }, - { - "version_value": "1:1.9.5-4.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", - "version": { - "version_data": [ - { - "version_value": "0:2.3-1.el6", - "version_affected": "!" - }, - { - "version_value": "0:5.6.25-1.el6", - "version_affected": "!" - }, - { - "version_value": "1:1.9.5-4.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:2.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.6.25-1.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.9.5-4.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", - "version": { - "version_data": [ - { - "version_value": "0:2.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.6.25-1.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.9.5-4.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", - "version": { - "version_data": [ - { - "version_value": "0:2.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.6.25-1.el7", - "version_affected": "!" 
- }, - { - "version_value": "1:1.9.5-4.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -204,31 +108,11 @@ "refsource": "MISC", "name": "http://www.securitytracker.com/id/1036430" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2598", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2598" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2750", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2750" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5399", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5399" - }, { "url": "https://bugs.php.net/bug.php?id=72613", "refsource": "MISC", "name": "https://bugs.php.net/bug.php?id=72613" }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395" - }, { "url": "https://security.netapp.com/advisory/ntap-20180112-0001/", "refsource": "MISC", 
@@ -238,51 +122,11 @@ "url": "https://www.exploit-db.com/exploits/40155/", "refsource": "MISC", "name": "https://www.exploit-db.com/exploits/40155/" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Hans Jerry Illikainen for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 5.1, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "version": "2.0" }, { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395" } ] } diff --git a/2016/5xxx/CVE-2016-5400.json b/2016/5xxx/CVE-2016-5400.json index 0fe1585ada9..5ceafe292ba 100644 --- a/2016/5xxx/CVE-2016-5400.json +++ b/2016/5xxx/CVE-2016-5400.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5400", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,57 +27,81 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-3070-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3070-1" + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848" + "url": "http://www.openwall.com/lists/oss-security/2016/07/25/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/07/25/1" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184" + "url": "http://www.securityfocus.com/bid/92104", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92104" }, { - "name": "USN-3070-3", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3070-3" + "url": "http://www.securitytracker.com/id/1036432", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1036432" }, { - "name": "[oss-security] 20160725 CVE-2016-5400 - linux kernel: denial of service in airspy USB driver.", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/07/25/1" + "url": "http://www.ubuntu.com/usn/USN-3070-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3070-1" }, 
{ - "name": "USN-3070-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3070-2" + "url": "http://www.ubuntu.com/usn/USN-3070-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3070-2" }, { - "name": "1036432", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036432" + "url": "http://www.ubuntu.com/usn/USN-3070-3", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3070-3" }, { - "name": "USN-3070-4", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3070-4" + "url": "http://www.ubuntu.com/usn/USN-3070-4", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3070-4" }, { - "name": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848" + "url": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/aa93d1fee85c890a34f2510a310e55ee76a27848" }, { - "name": "92104", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92104" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358184" } ] } diff --git a/2016/5xxx/CVE-2016-5401.json b/2016/5xxx/CVE-2016-5401.json index 051fde14e32..3b1321c13d7 100644 --- a/2016/5xxx/CVE-2016-5401.json +++ b/2016/5xxx/CVE-2016-5401.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5401", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,12 +27,36 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1357731" } ] } diff --git a/2016/5xxx/CVE-2016-5402.json b/2016/5xxx/CVE-2016-5402.json index 41ea2069f93..b927b717efc 100644 --- a/2016/5xxx/CVE-2016-5402.json +++ b/2016/5xxx/CVE-2016-5402.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Control of Generation of Code ('Code Injection')", + "value": "CWE-94", "cweId": "CWE-94" } ] 
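Review bot: In the CVE-2016-5402 `@@ -21,7 +21,7 @@` hunk the problemtype `value` is changed from the CWE name to the bare id, so `value` and `cweId` now both read `CWE-94`; `value` is the field most renderers display, and the human-readable name is lost while the id is stored twice. Keep `"value": "Improper Control of Generation of Code ('Code Injection')"` alongside `"cweId": "CWE-94"`. The two CVE-2016-5401 hunks on this line are a key reorder and a refsource relabel and need no change.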
@@ -32,20 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "[UNKNOWN]", "product": { "product_data": [ { - "product_name": "CloudForms Management Engine 5.6", + "product_name": "cfme", "version": { "version_data": [ { - "version_value": "0:5.6.3.3-1.el7cf", - "version_affected": "!" - }, - { - "version_value": "0:1.5.1-2.el7cf", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -68,21 +64,6 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/94612" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2839", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2839" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5402", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5402" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357559", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1357559" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402", "refsource": "MISC", @@ -90,35 +71,8 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Simon Lukasik (Red Hat)." - } - ], "impact": { "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 8.5, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "COMPLETE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "COMPLETE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", - "version": "2.0" - }, { "attackComplexity": "LOW", "attackVector": "NETWORK", 
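Review bot: The affects hunk replaces `"vendor_name": "Red Hat"` with the placeholder `[UNKNOWN]` while keeping a Red Hat-specific `product_name` (`cfme`), and swaps the two `version_affected: "!"` fixed builds (`0:5.6.3.3-1.el7cf`, `0:1.5.1-2.el7cf`) for a single `"="` / `"n/a"` entry; `!` means "not affected at this version" and `=` means "affected", so the record flips from "fixed in these NVRs" to "affected, version unknown". If the product line is deliberately made generic, at least retain the vendor, `"vendor_name": "Red Hat"`, and consider keeping the fixed-version entries. The `@@ -68,21 +64,6 @@` hunk that follows additionally drops the RHSA-2016:2839 errata that documents those builds; the third hunk on this line is cut off, so I have not reviewed it.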
diff --git a/2016/5xxx/CVE-2016-5406.json b/2016/5xxx/CVE-2016-5406.json index 61f49bd6252..c89333f7fca 100644 --- a/2016/5xxx/CVE-2016-5406.json +++ b/2016/5xxx/CVE-2016-5406.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5406", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,52 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:1841", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-1838.html" }, { - "name": "RHSA-2017:3458", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3458" + "url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-1839.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014" + "url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-1840.html" }, { - "name": "RHSA-2016:1838", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-1841.html" }, { - "name": "RHSA-2017:3455", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3455" + "url": "https://access.redhat.com/errata/RHSA-2017:3454", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3454" }, { - "name": "RHSA-2017:3456", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3456" + "url": "https://access.redhat.com/errata/RHSA-2017:3455", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3455" }, { - "name": "RHSA-2017:3454", - "refsource": 
"REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3454" + "url": "https://access.redhat.com/errata/RHSA-2017:3456", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3456" }, { - "name": "RHSA-2016:1839", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html" + "url": "https://access.redhat.com/errata/RHSA-2017:3458", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3458" }, { - "name": "RHSA-2016:1840", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014" } ] } diff --git a/2016/5xxx/CVE-2016-5409.json b/2016/5xxx/CVE-2016-5409.json index 6d9a379fd03..01535ab9cfb 100644 --- a/2016/5xxx/CVE-2016-5409.json +++ b/2016/5xxx/CVE-2016-5409.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5409", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461" + "url": "http://www.securityfocus.com/bid/97988", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/97988" }, { - "name": "97988", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/97988" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366461" } ] } diff --git a/2016/5xxx/CVE-2016-5411.json b/2016/5xxx/CVE-2016-5411.json index e4c6a146263..d48b016ec01 100644 --- a/2016/5xxx/CVE-2016-5411.json +++ b/2016/5xxx/CVE-2016-5411.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5411", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412" + "url": "http://www.securityfocus.com/bid/92669", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92669" }, { - "name": "92669", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92669" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1366412" } ] } diff --git a/2016/5xxx/CVE-2016-5412.json b/2016/5xxx/CVE-2016-5412.json index 8bd42118a6c..ec3c0766d86 100644 --- a/2016/5xxx/CVE-2016-5412.json +++ b/2016/5xxx/CVE-2016-5412.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode" + "value": "arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Loop with Unreachable Exit Condition ('Infinite Loop')", - "cweId": "CWE-835" + "value": "n/a" } ] } 
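Review bot: The CVE-2016-5412 `@@ -21,8 +21,7 @@` hunk reduces the problemtype to `"value": "n/a"` and removes `"cweId": "CWE-835"`, even though the new description in the preceding hunk still describes a host infinite loop via H_CEDE, which is exactly what CWE-835 denotes; a correct classification is being discarded. Keep `"value": "Loop with Unreachable Exit Condition ('Infinite Loop')", "cweId": "CWE-835"`. The new description's `through 4.7` and `CONFIG_KVM_BOOK3S_64_HV` details are an improvement over the old one-line title and should stay.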
@@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.10.0-514.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -59,11 +58,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2574", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2574" - }, { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3", "refsource": "MISC", @@ -79,16 +73,6 @@ "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2016/07/28/2" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5412", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5412" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916" - }, { "url": "https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3", "refsource": "MISC", 
@@ -98,45 +82,11 @@ "url": "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245", "refsource": "MISC", "name": "https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C", - "version": "2.0" }, { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349916" } ] } diff --git a/2016/5xxx/CVE-2016-5416.json b/2016/5xxx/CVE-2016-5416.json index e8b2a9a9521..6ce07420340 100644 --- a/2016/5xxx/CVE-2016-5416.json +++ b/2016/5xxx/CVE-2016-5416.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information." + "value": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor", - "cweId": "CWE-200" + "value": "n/a" } ] } @@ -32,27 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:1.2.11.15-84.el6_8", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:1.3.5.10-11.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
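Review bot: The `@@ -32,27 +31,16 @@` hunk collapses two product entries with distinct fixed builds (RHEL 6 `0:1.2.11.15-84.el6_8`, RHEL 7 `0:1.3.5.10-11.el7`, both `version_affected: "!"`) into one `n/a` entry marked `=`, so the per-release fixed-in data an operator would match against an installed 389-ds-base package disappears. The preceding `@@ -21,8 +21,7 @@` hunk also drops `CWE-200` for what is, per the new description, a plain information-disclosure bug; keeping `"cweId": "CWE-200"` costs nothing. The enclosing `product_data` array appears to continue past the end of the hunk, so check the remainder of the file for a now-dangling second element.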
@@ -75,76 +63,16 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2016-2765.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2594", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2594" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2765", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2765" - }, { "url": "http://www.securityfocus.com/bid/99097", "refsource": "MISC", "name": "http://www.securityfocus.com/bid/99097" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5416", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5416" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349540", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349540" } ] - }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Viktor Ashirov (Red Hat)." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 5, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - 
"version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5422.json b/2016/5xxx/CVE-2016-5422.json index e5c923179ef..147186a80f7 100644 --- a/2016/5xxx/CVE-2016-5422.json +++ b/2016/5xxx/CVE-2016-5422.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5422", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:1785", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-1785.html" }, { - "name": "92722", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92722" + "url": "http://www.securityfocus.com/bid/92722", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92722" } ] } diff --git a/2016/5xxx/CVE-2016-5432.json b/2016/5xxx/CVE-2016-5432.json index 6c3b06f1563..9cb53110589 100644 --- a/2016/5xxx/CVE-2016-5432.json +++ b/2016/5xxx/CVE-2016-5432.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the \u201c\u2014provision*db\u201d options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords." + "value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Cleartext Storage of Sensitive Information", - "cweId": "CWE-312" + "value": "n/a" } ] } @@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "RHEV Engine version 4.0", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:4.0.4.4-1", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
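Review bot: The new description for CVE-2016-5432 says only that local users can obtain "sensitive database provisioning information", while the replaced text stated what actually leaks: the authentication details passed via the `--provision*db` options, i.e. database passwords, written to log files. That detail is the actionable part for an operator (rotate the DB credentials, scrub the logs), so I would keep it, e.g. end the new sentence with `, including the database credentials supplied via the --provision*db options`. The `@@ -21,8 +21,7 @@` hunk on this line also drops `CWE-312` (cleartext storage of sensitive information), which fits this bug precisely.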
@@ -65,69 +64,14 @@ "name": "http://www.securityfocus.com/bid/92694" }, { - "url": "https://access.redhat.com/errata/RHSA-2016:1967", + "url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129", "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1967" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5432", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5432" + "name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428" - }, - { - "url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129", - "refsource": "MISC", - "name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Yedidyah Bar David (Red Hat)." 
- } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "version": "2.0" - }, - { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" } ] } diff --git a/2016/5xxx/CVE-2016-5699.json b/2016/5xxx/CVE-2016-5699.json index 8cbd9600297..b55bcbca539 100644 --- a/2016/5xxx/CVE-2016-5699.json +++ b/2016/5xxx/CVE-2016-5699.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values." + "value": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL." } ] }, 
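Review bot: The replacement description for CVE-2016-5699 narrows the vector to `CRLF sequences in a URL`, whereas the removed text described unchecked `HTTPConnection.putheader()` arguments, i.e. attacker-controlled header names or values supplied by the application; both readings are visible here and they are not equivalent (a URL-borne CRLF presumably reaches putheader through the Host/path handling, while an application passing user input to putheader needs no crafted URL). If the MITRE text is the canonical one, consider preserving the putheader-argument wording as well, e.g. `... via CRLF sequences in a URL or in header names or values passed to putheader`. The preceding `@@ -65,69 +64,14 @@` hunk for CVE-2016-5432 removes the `credits` block, which was the only record of the reporter.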
@@ -21,8 +21,7 @@
  "description": [
  {
  "lang": "eng",
- "value": "Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "n/a"
  }
  ]
  }
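Review bot: `"value": "n/a"` here discards the CWE-20 mapping while the description still calls the bug a CRLF injection, so the record goes from a weak classification to none at all. If CWE-20 was judged too generic, the specific class for this bug is CWE-93, e.g. `"value": "Improper Neutralization of CRLF Sequences ('CRLF Injection')", "cweId": "CWE-93"`; otherwise keep the original CWE-20 pair rather than `n/a`.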
@@ -32,153 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:2.6.6-66.el6_8", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:2.7.5-38.el7_2", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", - "version": { - "version_data": [ - { - "version_value": "0:2.7.8-18.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.3.2-18.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.4.2-14.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", - "version": { - "version_data": [ - { - "version_value": "0:2.7.8-18.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.3.2-18.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.4.2-14.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", - "version": { - "version_data": [ - { - "version_value": "0:2.7.8-18.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.3.2-18.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.4.2-14.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:3.5.1-9.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.7.8-16.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.3.2-16.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.4.2-13.el7", - "version_affected": "!" 
- } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", - "version": { - "version_data": [ - { - "version_value": "0:3.5.1-9.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.7.8-16.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.3.2-16.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.4.2-13.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", - "version": { - "version_data": [ - { - "version_value": "0:3.5.1-9.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.7.8-16.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.3.2-16.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.4.2-13.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -236,31 +98,6 @@ "refsource": "MISC", "name": "http://www.splunk.com/view/SP-CAAAPUE" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1626", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1626" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1627", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1627" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1628", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1628" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1629", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1629" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1630", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1630" - }, { "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", "refsource": "MISC", 
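Review bot: The `@@ -32,153 +31,16 @@` hunk replaces eight product entries, each carrying fixed Python 2.7/3.3/3.4/3.5 NVRs with `version_affected: "!"`, with a single `"="` / `"n/a"` entry, so a consumer that used this record to decide whether e.g. `0:2.7.5-38.el7_2` is patched now reads "affected, version unknown". Combined with the `@@ -236,31 +98,6 @@` hunk that removes RHSA-2016:1626 through RHSA-2016:1630, there is no longer any way to recover the fixed builds from this JSON. If the Red Hat affects data is intentionally being moved elsewhere, the commit should say so; otherwise keep at least the five errata references.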
@@ -291,16 +128,6 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/91226" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-5699", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-5699" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303699", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303699" - }, { "url": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4", "refsource": "MISC", @@ -322,44 +149,5 @@ "name": "https://hg.python.org/cpython/rev/bf3e1c9b80e9" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 5, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6318.json b/2016/6xxx/CVE-2016-6318.json index ab26c4f61c9..b8cf42ac642 100644 --- a/2016/6xxx/CVE-2016-6318.json +++ b/2016/6xxx/CVE-2016-6318.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6318", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20160816 cracklib: Stack-based buffer overflow when parsing large GECOS field", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/08/16/2" + "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { - "name": "openSUSE-SU-2016:2204", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html" + "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { - "name": "92478", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92478" + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html" }, { - "name": "GLSA-201612-25", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-25" + "url": "http://www.openwall.com/lists/oss-security/2016/08/16/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/08/16/2" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2220-1] cracklib2 security update", - "url": 
"https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html" + "url": "http://www.securityfocus.com/bid/92478", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92478" }, { - "refsource": "MLIST", - "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", - "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" + "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html" }, { - "refsource": "MLIST", - "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", - "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" + "url": "https://security.gentoo.org/glsa/201612-25", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201612-25" } ] } diff --git a/2016/6xxx/CVE-2016-6328.json b/2016/6xxx/CVE-2016-6328.json index 6d0bbd4bddd..3ef0a27b9f0 100644 --- a/2016/6xxx/CVE-2016-6328.json +++ b/2016/6xxx/CVE-2016-6328.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6328", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "libexif", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
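Review bot: The `version_data` entry added in the `affects` block pairs `"version_affected": "="` with `"version_value": "n/a"`, which asserts that the exact version `n/a` is affected; the removed entry carried no marker, and `n/a` is a placeholder rather than a version. Either drop `version_affected` while the value is `n/a` or record a real version. The same pairing is added for CVE-2016-6338 (its `@@ -32,16 +31,16 @@` hunk), CVE-2016-6351, CVE-2016-6828 and CVE-2017-12149, and `"="` is also attached to range text for CVE-2017-12153 (`kernel since v3.1-rc1 through v4.13`), CVE-2017-12154 (`Linux kernel through 4.13.3`) and CVE-2017-12161 (`before 3.4.2.Final`), where the schema's `"<="` or `"<"` markers describe the text. The file's top-level object closes outside the hunk.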
@@ -38,60 +15,87 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "6.1/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", - "version": "3.0" - } - ], - [ - { - "vectorString": "5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-190" + "value": "CWE-190", + "cweId": "CWE-190" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "libexif", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328" + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html" }, { - "refsource": "UBUNTU", - "name": "USN-4277-1", - "url": "https://usn.ubuntu.com/4277-1/" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update", - "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html" + "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2020:0793", - "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html" + "url": "https://security.gentoo.org/glsa/202007-05", + "refsource": "MISC", + "name": 
"https://security.gentoo.org/glsa/202007-05" }, { - "refsource": "GENTOO", - "name": "GLSA-202007-05", - "url": "https://security.gentoo.org/glsa/202007-05" + "url": "https://usn.ubuntu.com/4277-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/4277-1/" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", + "version": "3.0" } ] } diff --git a/2016/6xxx/CVE-2016-6338.json b/2016/6xxx/CVE-2016-6338.json index 06edb8b385c..e8fc2be0dc2 100644 --- a/2016/6xxx/CVE-2016-6338.json +++ b/2016/6xxx/CVE-2016-6338.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period." + "value": "ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation", - "cweId": "CWE-20" + "value": "n/a" } ] } @@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Virtualization Engine 4.1", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:4.1.8.2-1", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
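Review bot: The `problemtype` entry in the `@@ -21,8 +21,7 @@` hunk drops its `cweId` and replaces `Improper Input Validation` with `n/a`, so the CWE-20 classification is lost, while the same commit adds `cweId` to CVE-2016-6328 (the `@@ -38,60 +15,87 @@` hunk just above), CVE-2017-12149, CVE-2017-12153, CVE-2017-12161 and CVE-2017-12163. The same regression appears for CVE-2016-6828 (CWE-416 becomes `n/a`) and CVE-2017-12154 (CWE-284 becomes the free-text `incorrect access control`). If the target shape is `"value": "CWE-nnn"` plus `"cweId": "CWE-nnn"`, these three records should keep their identifiers, e.g. `"value": "CWE-20", "cweId": "CWE-20"` here.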
@@ -64,61 +63,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2017:3427"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-6338",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-6338"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369285"
 }
 ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Greg Sheremeta (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 3.7,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
- "version": "2.0"
- },
- {
- "attackComplexity": "HIGH",
- "attackVector": "PHYSICAL",
- "availabilityImpact": "LOW",
- "baseScore": 3.8,
- "baseSeverity": "LOW",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6351.json b/2016/6xxx/CVE-2016-6351.json
index d37c68a8a45..764779fe5e3 100644
--- a/2016/6xxx/CVE-2016-6351.json
+++ b/2016/6xxx/CVE-2016-6351.json
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6351", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-3047-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3047-1" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3" + "url": "http://www.ubuntu.com/usn/USN-3047-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3047-1" }, { - "name": "USN-3047-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3047-2" + "url": "http://www.ubuntu.com/usn/USN-3047-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3047-2" }, { - "name": "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/07/25/14" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11" }, { - "name": "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/07/26/7" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3", + "refsource": "MISC", + "name": 
"http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11" + "url": "http://www.openwall.com/lists/oss-security/2016/07/25/14", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/07/25/14" }, { - "name": "92119", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92119" + "url": "http://www.openwall.com/lists/oss-security/2016/07/26/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/07/26/7" }, { - "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "http://www.securityfocus.com/bid/92119", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92119" } ] } diff --git a/2016/6xxx/CVE-2016-6828.json b/2016/6xxx/CVE-2016-6828.json index e8f1450df6e..1005e25fbbe 100644 --- a/2016/6xxx/CVE-2016-6828.json +++ b/2016/6xxx/CVE-2016-6828.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection." + "value": "The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Use After Free", - "cweId": "CWE-416" + "value": "n/a" } ] } 
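Review bot: The two git.qemu.org commit references in the `@@ -50,47 +27,71 @@` hunk now carry `%3B` where the removed entries had a literal `;` (`?p=qemu.git%3Ba=commit%3Bh=...`). gitweb splits its query string on `;` and `&` before percent-decoding, so the encoded form is likely read as a single `p=` parameter and may no longer resolve to the commit; the original separators should be restored, e.g. `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3"`, with the `name` field matched. The file's top-level object closes outside the hunk.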
@@ -32,42 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:2.6.32-642.13.1.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:3.10.0-514.6.1.rt56.429.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-514.6.1.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-514.rt56.210.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -90,11 +63,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2017-0036.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0036", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0036" - }, { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4", "refsource": "MISC", 
@@ -130,31 +98,6 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/92452"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0086",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0086"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0091",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0091"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2017:0113",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2017:0113"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-6828",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-6828"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091"
- },
 {
 "url": "https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4",
 "refsource": "MISC",
@@ -164,45 +107,11 @@
 "url": "https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html",
 "refsource": "MISC",
 "name": "https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "LOW",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 3.6,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
- "version": "2.0"
 },
 {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 4.4,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1367091"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12149.json b/2017/12xxx/CVE-2017-12149.json
index 1bad35bf6d5..f8bf1b6fbdb 100644
--- a/2017/12xxx/CVE-2017-12149.json
+++ b/2017/12xxx/CVE-2017-12149.json
@@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2017-08-29T00:00:00", "ID": "CVE-2017-12149", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jbossas", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -45,38 +21,63 @@ "description": [ { "lang": "eng", - "value": "CWE-502" + "value": "CWE-502", + "cweId": "CWE-502" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "jbossas", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220" - }, - { - "name": "RHSA-2018:1608", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1608" - }, - { - "name": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149", + "url": "http://www.securityfocus.com/bid/100591", "refsource": "MISC", - "url": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149" + "name": "http://www.securityfocus.com/bid/100591" }, { - "name": "100591", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/100591" + "url": "https://access.redhat.com/errata/RHSA-2018:1607", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:1607" }, { - "name": "RHSA-2018:1607", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1607" + "url": "https://access.redhat.com/errata/RHSA-2018:1608", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:1608" + }, + { + "url": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149", + "refsource": "MISC", + "name": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220" } ] } diff --git a/2017/12xxx/CVE-2017-12153.json b/2017/12xxx/CVE-2017-12153.json index 12a0cd970c7..448496261bd 100644 
--- a/2017/12xxx/CVE-2017-12153.json
+++ b/2017/12xxx/CVE-2017-12153.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2017-12153",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "kernel since v3.1-rc1 through v4.13",
- "version": {
- "version_data": [
- {
- "version_value": "kernel since v3.1-rc1 through v4.13"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -44,58 +21,83 @@ "description": [ { "lang": "eng", - "value": "CWE-476" + "value": "CWE-476", + "cweId": "CWE-476" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel since v3.1-rc1 through v4.13", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "kernel since v3.1-rc1 through v4.13" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888", - "refsource": "CONFIRM", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888" + "url": "http://seclists.org/oss-sec/2017/q3/437", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2017/q3/437" }, { - "name": "https://bugzilla.novell.com/show_bug.cgi?id=1058410", - "refsource": "CONFIRM", - "url": "https://bugzilla.novell.com/show_bug.cgi?id=1058410" + "url": "http://www.debian.org/security/2017/dsa-3981", + "refsource": "MISC", + "name": "http://www.debian.org/security/2017/dsa-3981" }, { - "name": "USN-3583-2", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3583-2/" + "url": "http://www.securityfocus.com/bid/100855", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/100855" }, { - "name": "100855", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/100855" + "url": "https://bugzilla.novell.com/show_bug.cgi?id=1058410", + "refsource": "MISC", + "name": "https://bugzilla.novell.com/show_bug.cgi?id=1058410" }, { - "name": "DSA-3981", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3981" + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888", + "refsource": "MISC", + "name": 
"https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888" }, { - "name": "USN-3583-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3583-1/" + "url": "https://marc.info/?t=150525503100001&r=1&w=2", + "refsource": "MISC", + "name": "https://marc.info/?t=150525503100001&r=1&w=2" }, { - "name": "http://seclists.org/oss-sec/2017/q3/437", - "refsource": "CONFIRM", - "url": "http://seclists.org/oss-sec/2017/q3/437" + "url": "https://usn.ubuntu.com/3583-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3583-1/" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046" + "url": "https://usn.ubuntu.com/3583-2/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3583-2/" }, { - "name": "https://marc.info/?t=150525503100001&r=1&w=2", - "refsource": "CONFIRM", - "url": "https://marc.info/?t=150525503100001&r=1&w=2" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491046" } ] } diff --git a/2017/12xxx/CVE-2017-12154.json b/2017/12xxx/CVE-2017-12154.json index a66593ab9cf..41876f5b961 100644 --- a/2017/12xxx/CVE-2017-12154.json +++ b/2017/12xxx/CVE-2017-12154.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS." + "value": "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Access Control", - "cweId": "CWE-284" + "value": "incorrect access control" } ] } @@ -32,31 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "Linux kernel through 4.13.3", "version": { "version_data": [ { - "version_value": "0:3.10.0-862.rt56.804.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-862.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:3.10.0-693.55.1.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "Linux kernel through 4.13.3" } ] } 
@@ -99,16 +83,6 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/100856"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12154",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12154"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224"
- },
 {
 "url": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
 "refsource": "MISC",
@@ -128,51 +102,11 @@ "url": "https://www.spinics.net/lists/kvm/msg155414.html", "refsource": "MISC", "name": "https://www.spinics.net/lists/kvm/msg155414.html" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Jim Mattson (Google.com) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C", - "version": "2.0" }, { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 5.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224" } ] } diff --git a/2017/12xxx/CVE-2017-12161.json b/2017/12xxx/CVE-2017-12161.json index dbf3217a1e7..6321d173450 100644 --- a/2017/12xxx/CVE-2017-12161.json +++ b/2017/12xxx/CVE-2017-12161.json 
@@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2018-02-16T00:00:00", "ID": "CVE-2017-12161", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Keycloak", - "version": { - "version_data": [ - { - "version_value": "before 3.4.2.Final" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-602" + "value": "CWE-602", + "cweId": "CWE-602" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "Keycloak", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before 3.4.2.Final" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564" + "url": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", + "refsource": "MISC", + "name": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770" }, { - "name": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", - "refsource": "CONFIRM", - "url": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564" } ] } 
diff --git a/2017/12xxx/CVE-2017-12163.json b/2017/12xxx/CVE-2017-12163.json index 58f0f4590ad..540fa3ea399 100644 --- a/2017/12xxx/CVE-2017-12163.json +++ b/2017/12xxx/CVE-2017-12163.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker." + "value": "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "value": "CWE-200", "cweId": "CWE-200" } ] 
@@ -32,53 +32,28 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Samba",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "Samba",
 "version": {
 "version_data": [
 {
- "version_value": "0:3.6.23-45.el6_9",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "4.7"
 },
 {
- "version_value": "0:4.2.10-11.el6_9",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
+ "version_affected": "=",
+ "version_value": "4.6.8"
+ },
 {
- "version_value": "0:4.6.2-11.el7_4",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
- "version": {
- "version_data": [
+ "version_affected": "=",
+ "version_value": "4.5.14"
+ },
 {
- "version_value": "0:4.6.3-6.el6rhs",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:4.6.3-6.el7rhgs",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "4.4.16"
 }
 ]
 }
@@ -121,16 +96,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2017:2858"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12163",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12163"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491206",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491206"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163",
 "refsource": "MISC",
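Review bot: The new `version_data` marks `4.4.16`, `4.5.14` and `4.6.8` with `"version_affected": "="`, but the description in the previous hunk says Samba is vulnerable *before* those versions, so the record now names the fixed releases as the affected ones. `"version_affected": "<", "version_value": "4.4.16"` (and likewise for 4.5.14 and 4.6.8) expresses what the description states; `4.7` is not mentioned in the description at all, so it needs either a matching marker or a note on what it denotes. The following hunk in this file also drops the `work_around` entry carrying the `server min protocol = SMB2_02` mitigation, which was the only defender-actionable text the record had; if that removal is deliberate it would help to say why in the commit message.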
@@ -168,18 +133,6 @@
 }
 ]
 },
- "work_around": [
- {
- "lang": "en",
- "value": "As this is an SMB1-only vulnerability, it can be avoided by setting the server to only use SMB2 via adding:\n\nserver min protocol = SMB2_02\n\nto the [global] section of your smb.conf and restarting smbd."
- }
- ],
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Jeremy Allison (Google), Stefan Metzmacher (SerNet), and Yihan Lian and Zhibin Hu (Qihoo 360 Gear Team) for reporting this issue."
- }
- ],
 "impact": {
 "cvss": [
 {
diff --git a/2017/12xxx/CVE-2017-12164.json b/2017/12xxx/CVE-2017-12164.json
index e9754846bda..aacae1255d8 100644
--- a/2017/12xxx/CVE-2017-12164.json
+++ b/2017/12xxx/CVE-2017-12164.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2017-12164",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "gdm",
- "version": {
- "version_data": [
- {
- "version_value": "3.24.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "GNOME"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -38,39 +15,72 @@
 }
 ]
 },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.1/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
- "version": "3.0"
- }
- ]
- ]
- },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-592"
+ "value": "CWE-592",
+ "cweId": "CWE-592"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GNOME",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gdm",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.24.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28",
- "refsource": "CONFIRM",
- "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
+ "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28",
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.0"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12167.json b/2017/12xxx/CVE-2017-12167.json
index 577ba22dbe3..2c6682dc8a4 100644
--- a/2017/12xxx/CVE-2017-12167.json
+++ b/2017/12xxx/CVE-2017-12167.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2017-12167",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "EAP-7",
- "version": {
- "version_data": [
- {
- "version_value": "7.0.9"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -38,79 +15,112 @@
 }
 ]
 },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "version": "3.0"
- }
- ]
- ]
- },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-732"
+ "value": "CWE-732",
+ "cweId": "CWE-732"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EAP-7",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "RHSA-2018:0002",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0002"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3454",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3454"
 },
 {
- "name": "RHSA-2017:3458",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3458"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3455",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3455"
 },
 {
- "name": "RHSA-2018:0004",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0004"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3456",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3456"
 },
 {
- "name": "100903",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/100903"
+ "url": "https://access.redhat.com/errata/RHSA-2017:3458",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:3458"
 },
 {
- "name": "RHSA-2017:3455",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3455"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0002",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0002"
 },
 {
- "name": "RHSA-2017:3456",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3456"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0003",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0003"
 },
 {
- "name": "RHSA-2018:0003",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0003"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0004",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0004"
 },
 {
- "name": "RHSA-2018:0005",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0005"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0005",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0005"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167"
+ "url": "http://www.securityfocus.com/bid/100903",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/100903"
 },
 {
- "name": "RHSA-2017:3454",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:3454"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19352.json b/2019/19xxx/CVE-2019-19352.json
index 4324a2e50f7..e20800039c1 100644
--- a/2019/19xxx/CVE-2019-19352.json
+++ b/2019/19xxx/CVE-2019-19352.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
+ "value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Incorrect Privilege Assignment",
+ "value": "CWE-266",
 "cweId": "CWE-266"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat OpenShift Container Platform 4.4",
+ "product_name": "operator-framework/presto",
 "version": {
 "version_data": [
 {
- "version_value": "v4.4.0-202004261927",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "as shipped in Red Hat Openshift 4"
 }
 ]
 }
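Review bot: In the `@@ -32,16 +32,16 @@` hunk `"vendor_name": "n/a"` is paired with a product whose vendor the new description in this same file names explicitly ("as shipped in Red Hat Openshift 4"), and `"version_value": "as shipped in Red Hat Openshift 4"` is prose rather than a version, so tooling that keys on vendor/product/version cannot match this record to anything. Keeping `"vendor_name": "Red Hat"` and leaving the shipping scope to the description, where it already is, would let `version_value` hold an actual build (or `n/a` if none is known). The same pattern is introduced for CVE-2019-19354 (`operator-framework/hadoop`), CVE-2020-25678 (`n/a` / `ceph`) and CVE-2019-19355, where `product_name` becomes `openshift` with `version_value` `Openshift 4` although the description says the issue is specific to the `openshift/ansible-operator-container`.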
@@ -59,50 +59,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
 },
- {
- "url": "https://access.redhat.com/articles/4859371",
- "refsource": "MISC",
- "name": "https://access.redhat.com/articles/4859371"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2020:1942",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2020:1942"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2019-19352",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2019-19352"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793281",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793281"
 }
 ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 7,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.1"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19353.json b/2019/19xxx/CVE-2019-19353.json
index ff17ea0964b..a5653fdfbce 100644
--- a/2019/19xxx/CVE-2019-19353.json
+++ b/2019/19xxx/CVE-2019-19353.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19353",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-266",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "as shipped in Red Hat Openshift 4"
 }
 ]
@@ -30,42 +52,22 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-266"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
 },
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279"
 },
 {
+ "url": "https://access.redhat.com/articles/4859371",
 "refsource": "MISC",
- "name": "https://access.redhat.com/articles/4859371",
- "url": "https://access.redhat.com/articles/4859371"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
+ "name": "https://access.redhat.com/articles/4859371"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19354.json b/2019/19xxx/CVE-2019-19354.json
index 6e7c7d5d234..1567c1af6c6 100644
--- a/2019/19xxx/CVE-2019-19354.json
+++ b/2019/19xxx/CVE-2019-19354.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
+ "value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Incorrect Privilege Assignment",
+ "value": "CWE-266",
 "cweId": "CWE-266"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat OpenShift Container Platform 4.4",
+ "product_name": "operator-framework/hadoop",
 "version": {
 "version_data": [
 {
- "version_value": "v4.4.0-202004261927",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "as shipped in Red Hat Openshift 4"
 }
 ]
 }
@@ -64,45 +64,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/articles/4859371"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2020:1938",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2020:1938"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2019-19354",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2019-19354"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793278",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793278"
 }
 ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 7,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.1"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19355.json b/2019/19xxx/CVE-2019-19355.json
index aab8b2f8539..c64266a57dd 100644
--- a/2019/19xxx/CVE-2019-19355.json
+++ b/2019/19xxx/CVE-2019-19355.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
+ "value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Incorrect Privilege Assignment",
+ "value": "CWE-266",
 "cweId": "CWE-266"
 }
 ]
@@ -36,34 +36,12 @@
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat OpenShift Container Platform 4.1",
+ "product_name": "openshift",
 "version": {
 "version_data": [
 {
- "version_value": "v4.1.41-202004151639",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenShift Container Platform 4.2",
- "version": {
- "version_data": [
- {
- "version_value": "v4.2.27-202003301126",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat OpenShift Container Platform 4.3",
- "version": {
- "version_data": [
- {
- "version_value": "v4.3.5-202003020549",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Openshift 4"
 }
 ]
 }
@@ -76,36 +54,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://access.redhat.com/articles/4859371",
- "refsource": "MISC",
- "name": "https://access.redhat.com/articles/4859371"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2020:0683",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2020:0683"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2020:1280",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2020:1280"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2020:1545",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2020:1545"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2019-19355",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2019-19355"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793277",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793277"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355",
 "refsource": "MISC",
@@ -113,12 +61,6 @@
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
- }
- ],
 "impact": {
 "cvss": [
 {
diff --git a/2019/3xxx/CVE-2019-3805.json b/2019/3xxx/CVE-2019-3805.json
index b5ef233d68d..19ff6efcb08 100644
--- a/2019/3xxx/CVE-2019-3805.json
+++ b/2019/3xxx/CVE-2019-3805.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3805",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-364",
+ "cweId": "CWE-364"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "affects up to 16.0.0.Final"
 }
 ]
@@ -30,78 +52,66 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-364"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:1106",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:1106"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:1107",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:1107"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:1108",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:1108"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:1140",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:1140"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:2413",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:2413"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2020:0727",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2020:0727"
+ },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805",
- "refsource": "CONFIRM"
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1107",
- "url": "https://access.redhat.com/errata/RHSA-2019:1107"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1108",
- "url": "https://access.redhat.com/errata/RHSA-2019:1108"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1106",
- "url": "https://access.redhat.com/errata/RHSA-2019:1106"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1140",
- "url": "https://access.redhat.com/errata/RHSA-2019:1140"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20190517-0004/",
- "url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2413",
- "url": "https://access.redhat.com/errata/RHSA-2019:2413"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2020:0727",
- "url": "https://access.redhat.com/errata/RHSA-2020:0727"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root."
+ "url": "https://security.netapp.com/advisory/ntap-20190517-0004/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20190517-0004/"
 }
 ]
 },
 "impact": {
 "cvss": [
- [
- {
- "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
- }
- ]
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
 ]
 }
 }
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3811.json b/2019/3xxx/CVE-2019-3811.json
index af5ad255492..11fdb7a1a76 100644
--- a/2019/3xxx/CVE-2019-3811.json
+++ b/2019/3xxx/CVE-2019-3811.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot()."
+ "value": "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable."
 }
 ]
 },
@@ -21,7 +21,16 @@
 "description": [
 {
 "lang": "eng",
- "value": "Exposure of Sensitive Information to an Unauthorized Actor",
+ "value": "CWE-552",
+ "cweId": "CWE-552"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200",
 "cweId": "CWE-200"
 }
 ]
@@ -32,16 +41,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "The sssd Project",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "sssd",
 "version": {
 "version_data": [
 {
- "version_value": "0:1.16.4-21.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "2.1"
 }
 ]
 }
@@ -74,16 +83,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2019:2177"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2019-3811",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2019-3811"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811",
 "refsource": "MISC",
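Review bot: In the `@@ -32,16 +41,16 @@` hunk `"version_value": "2.1"` with `"version_affected": "="` declares 2.1 to be an affected version, while the new description in the first hunk of this file says "All versions before 2.1 are vulnerable", so the affects block contradicts the description and names the fixed release as vulnerable. `"version_affected": "<", "version_value": "2.1"` matches the text. The second hunk now lists two problemtype entries (CWE-552 and CWE-200) with no indication of which is primary; consumers that read only the first entry will see CWE-552, so if CWE-200 was the intended classification the order should be swapped.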
diff --git a/2020/10xxx/CVE-2020-10728.json b/2020/10xxx/CVE-2020-10728.json
index 087cbefa808..d1360b35b10 100644
--- a/2020/10xxx/CVE-2020-10728.json
+++ b/2020/10xxx/CVE-2020-10728.json
@@ -1,12 +1,33 @@
 {
+ "data_version":  "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-10728",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-266",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "up to and including 2.0.4-1"
 }
 ]
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-266"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25673.json b/2020/25xxx/CVE-2020-25673.json
index e88e08bd450..9ac8304b1a9 100644
--- a/2020/25xxx/CVE-2020-25673.json
+++ b/2020/25xxx/CVE-2020-25673.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-25673",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "All"
 }
 ]
@@ -30,57 +52,37 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
- "refsource": "MLIST",
- "name": "[oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket",
- "url": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2021-1c170a7c7c",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2021-21360476b6",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2021-d56567bdab",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
- },
- {
+ "url": "https://www.openwall.com/lists/oss-security/2020/11/01/1",
 "refsource": "MISC",
- "name": "https://www.openwall.com/lists/oss-security/2020/11/01/1",
- "url": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
+ "name": "https://www.openwall.com/lists/oss-security/2020/11/01/1"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20210702-0008/",
- "url": "https://security.netapp.com/advisory/ntap-20210702-0008/"
- }
- ]
- },
- "description": {
- "description_data": [
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/01/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2020/11/01/1"
+ },
 {
- "lang": "eng",
- "value": "A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system."
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210702-0008/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20210702-0008/"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25678.json b/2020/25xxx/CVE-2020-25678.json
index eb5d97ae1cc..115152d403d 100644
--- a/2020/25xxx/CVE-2020-25678.json
+++ b/2020/25xxx/CVE-2020-25678.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. The highest threat from this vulnerability is to confidentiality."
+ "value": "A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible."
 }
 ]
 },
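Review bot: The rebuilt `reference_data` for CVE-2020-25673 carries the same oss-security post twice — `https://www.openwall.com/lists/oss-security/2020/11/01/1` and `http://www.openwall.com/lists/oss-security/2020/11/01/1` differ only in scheme — so every consumer will render two references for one source. Dropping the `http://` object (the second entry in the new list) leaves one canonical link. The old side already had both forms, one under `MLIST` and one under `MISC`, so the duplicate is inherited rather than introduced, but a rewrite that touches every entry was the natural place to collapse it.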
@@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Cleartext Storage of Sensitive Information", + "value": "CWE-312", "cweId": "CWE-312" } ] @@ -32,28 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Ceph Storage 4.2", + "product_name": "ceph", "version": { "version_data": [ { - "version_value": "2:14.2.11-147.el7cp", - "version_affected": "!" - }, - { - "version_value": "0:4.0.49.2-1.el8cp", - "version_affected": "!" - }, - { - "version_value": "0:2.6.3-3.el8cp", - "version_affected": "!" - }, - { - "version_value": "0:1.5.2-3.el8cp", - "version_affected": "!" + "version_affected": "=", + "version_value": "ceph versions prior to 16.y.z" } ] } @@ -66,26 +54,16 @@ }, "references": { "reference_data": [ - { - "url": "https://tracker.ceph.com/issues/37503", - "refsource": "MISC", - "name": "https://tracker.ceph.com/issues/37503" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2021:1452", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2021:1452" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2020-25678", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2020-25678" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109" }, + { + "url": "https://tracker.ceph.com/issues/37503", + "refsource": "MISC", + "name": "https://tracker.ceph.com/issues/37503" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/", "refsource": "MISC", 
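Review bot: `"version_affected": "="` paired with `"version_value": "ceph versions prior to 16.y.z"` states that a version literally named that string is affected; in the CVE 4.0 format a "prior to" bound is `"version_affected": "<"` with a bare version in `version_value`, so this should become `"version_affected": "<", "version_value": "<first fixed release>"` once that release is confirmed. The removed entries also carried the fixed Red Hat Ceph Storage 4.2 builds tagged `!`; swapping them for vendor `n/a` and a placeholder discards the only machine-readable fixed-version data the record had, so consider keeping both product entries.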
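Review bot: `https://access.redhat.com/errata/RHSA-2021:1452`, the erratum that delivered the fix, and the Red Hat CVE page are removed from `reference_data` while only the bugzilla, tracker and Fedora entries survive, so consumers that derive fix availability from references lose it. Keep the erratum and CVE-page entries next to the ones retained; an `ASSIGNER` of `secalert@redhat.com` with no Red Hat advisory in the references is hard to act on.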
@@ -97,23 +75,5 @@ "name": "https://security.gentoo.org/glsa/202105-39" } ] - }, - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 4.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - ] } } \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25689.json b/2020/25xxx/CVE-2020-25689.json index ae78bf4c4cc..55ea6faa280 100644 --- a/2020/25xxx/CVE-2020-25689.json +++ b/2020/25xxx/CVE-2020-25689.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25689", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401", + "cweId": "CWE-401" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "up to 21.0.0.Final" } ] 
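Review bot: `"version_affected": "="` with `"version_value": "up to 21.0.0.Final"` asserts an exact version named `up to 21.0.0.Final`; the description's "all versions up to 21.0.0.Final" is expressed as `"version_affected": "<=", "version_value": "21.0.0.Final"`. The same `=` marker is inserted in front of range strings throughout this commit and should be corrected uniformly rather than per file.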
@@ -30,48 +52,36 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-401" - } - ] - } - ] - }, "references": { "reference_data": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20201123-0006/", - "url": "https://security.netapp.com/advisory/ntap-20201123-0006/" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability." + "url": "https://security.netapp.com/advisory/ntap-20201123-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20201123-0006/" } ] }, "impact": { "cvss": [ - [ - { - "vectorString": "5.3/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - ] + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } ] } } \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25691.json b/2020/25xxx/CVE-2020-25691.json index 97c4e90c352..8f8917d4fed 100644 --- a/2020/25xxx/CVE-2020-25691.json 
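Review bot: Re-tagging `https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689` from `CONFIRM` to `MISC` drops the marker that this is the assigning CNA's own tracker, which reference-ranking tools use; if a `MISC`-only convention is intended for this export the change is consistent, otherwise keep `CONFIRM` for assigner-owned bugzilla links. The `impact` rewrite itself is sound: the old value was a doubly nested array whose `vectorString` carried a `5.3/` prefix and whose `version` 3.0 disagreed with the `CVSS:3.1` vector, and the new object's components match `baseScore` 5.3.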
+++ b/2020/25xxx/CVE-2020-25691.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25691", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755", + "cweId": "CWE-755" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "versions up to and including darkhttpd-1.13-1" } ] @@ -30,32 +52,12 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-755" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability." + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1893725" } ] } diff --git a/2020/25xxx/CVE-2020-25697.json b/2020/25xxx/CVE-2020-25697.json index fb3d0ec4d63..b81429502bc 100644 --- a/2020/25xxx/CVE-2020-25697.json +++ b/2020/25xxx/CVE-2020-25697.json 
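Review bot: `"version_affected": "="` is added in front of `"version_value": "versions up to and including darkhttpd-1.13-1"`, which again encodes a range as an exact version; the intended statement is `"version_affected": "<="` with a bare version. `darkhttpd-1.13-1` reads as a distribution package name-version-release rather than an upstream release, so confirm against the bugzilla entry whether the bound is upstream `1.13` before rewriting it.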
@@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25697", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306", + "cweId": "CWE-306" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "All" } ] 
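Review bot: `"version_affected": "="` combined with `"version_value": "All"` claims one exact version called `All`, which no consumer can match; since the description added on this line gives no bound either, either state a concrete affected range from the linked oss-security post or leave the `version_affected` marker off this entry. Note also that the record carries no `impact` block, so it will show no severity for what the description calls a privilege escalation.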
@@ -30,52 +52,27 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-306" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20201109 The importance of mutual authentication: Local Privilege Escalation in X11", - "url": "http://www.openwall.com/lists/oss-security/2020/11/09/3" - }, - { - "refsource": "MLIST", - "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", - "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" - }, - { + "url": "https://seclists.org/oss-sec/2020/q4/105", "refsource": "MISC", - "name": "https://seclists.org/oss-sec/2020/q4/105", - "url": "https://seclists.org/oss-sec/2020/q4/105" + "name": "https://seclists.org/oss-sec/2020/q4/105" }, { + "url": "http://www.openwall.com/lists/oss-security/2020/11/09/3", "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2020/11/09/3", - "url": "http://www.openwall.com/lists/oss-security/2020/11/09/3" + "name": "http://www.openwall.com/lists/oss-security/2020/11/09/3" }, { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295" - } - ] - }, - "description": { - "description_data": [ + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1895295" + }, { - "lang": "eng", - "value": "A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to." 
+ "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ] } diff --git a/2020/27xxx/CVE-2020-27795.json b/2020/27xxx/CVE-2020-27795.json index 20be0901ebb..8b02c9750f8 100644 --- a/2020/27xxx/CVE-2020-27795.json +++ b/2020/27xxx/CVE-2020-27795.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27795", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908 - Use of Uninitialized Resource", + "cweId": "CWE-908" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "Fixed in v4.4.0." } ] 
@@ -30,42 +52,22 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-908 - Use of Uninitialized Resource" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://github.com/radareorg/radare2/issues/16215", "refsource": "MISC", - "name": "https://github.com/radareorg/radare2/issues/16215", - "url": "https://github.com/radareorg/radare2/issues/16215" + "name": "https://github.com/radareorg/radare2/issues/16215" }, { + "url": "https://github.com/radareorg/radare2/pull/16230", "refsource": "MISC", - "name": "https://github.com/radareorg/radare2/pull/16230", - "url": "https://github.com/radareorg/radare2/pull/16230" + "name": "https://github.com/radareorg/radare2/pull/16230" }, { + "url": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22", "refsource": "MISC", - "name": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22", - "url": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn)." + "name": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22" } ] } diff --git a/2020/27xxx/CVE-2020-27815.json b/2020/27xxx/CVE-2020-27815.json index 680a1c5f916..f9a17fa1930 100644 --- a/2020/27xxx/CVE-2020-27815.json +++ b/2020/27xxx/CVE-2020-27815.json 
@@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27815", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119", + "cweId": "CWE-119" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "5.9.6" } ] 
@@ -30,77 +52,57 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-119" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20201201 CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree", - "url": "http://www.openwall.com/lists/oss-security/2020/11/30/5" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20201228 Re: CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree", - "url": "http://www.openwall.com/lists/oss-security/2020/12/28/1" - }, - { - "refsource": "DEBIAN", - "name": "DSA-4843", - "url": "https://www.debian.org/security/2021/dsa-4843" - }, - { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html" - }, - { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html" - }, - { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668,", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668," + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c" }, { + "url": "http://www.openwall.com/lists/oss-security/2020/11/30/5", "refsource": "MISC", - "name": "https://www.openwall.com/lists/oss-security/2020/11/30/5,", - "url": "https://www.openwall.com/lists/oss-security/2020/11/30/5," + "name": "http://www.openwall.com/lists/oss-security/2020/11/30/5" }, { + "url": "http://www.openwall.com/lists/oss-security/2020/12/28/1", "refsource": "MISC", - "name": 
"https://www.openwall.com/lists/oss-security/2020/12/28/1,", - "url": "https://www.openwall.com/lists/oss-security/2020/12/28/1," + "name": "http://www.openwall.com/lists/oss-security/2020/12/28/1" }, { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C", "refsource": "MISC", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20210702-0004/", - "url": "https://security.netapp.com/advisory/ntap-20210702-0004/" - } - ] - }, - "description": { - "description_data": [ + "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html" + }, { - "lang": "eng", - "value": "A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." 
+ "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20210702-0004/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20210702-0004/" + }, + { + "url": "https://www.debian.org/security/2021/dsa-4843", + "refsource": "MISC", + "name": "https://www.debian.org/security/2021/dsa-4843" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/11/30/5%2C", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/11/30/5%2C" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/12/28/1%2C", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/12/28/1%2C" } ] } diff --git a/2020/27xxx/CVE-2020-27820.json b/2020/27xxx/CVE-2020-27820.json index ca7d7cc9c73..87627f7bb54 100644 --- a/2020/27xxx/CVE-2020-27820.json +++ b/2020/27xxx/CVE-2020-27820.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Use After Free", + "value": "CWE-416", "cweId": "CWE-416" } ] @@ -32,20 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 8", + "product_name": "kernel", "version": { "version_data": [ { - "version_value": "0:4.18.0-372.9.1.rt7.166.el8", - "version_affected": "!" - }, - { - "version_value": "0:4.18.0-372.9.1.el8", - "version_affected": "!" + "version_affected": "=", + "version_value": "to be fixed in RHEL-9 release" } ] } 
@@ -59,45 +55,15 @@ "references": { "reference_data": [ { - "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726", "refsource": "MISC", - "name": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/" - }, - { - "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/", - "refsource": "MISC", - "name": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/" - }, - { - "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/", - "refsource": "MISC", - "name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2022:1975", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2022:1975" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2022:1988", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2022:1988" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2020-27820", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2020-27820" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726" - }, { "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/", "refsource": "MISC", 
@@ -114,35 +80,5 @@ "name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/" } ] - }, - "work_around": [ - { - "lang": "en", - "value": "To mitigate this issue, prevent the module nouveau from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically." - } - ], - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Jeremy Cline (Red Hat)." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 4.1, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - ] } } \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27822.json b/2020/27xxx/CVE-2020-27822.json index e43431dd412..6a701fbba03 100644 --- a/2020/27xxx/CVE-2020-27822.json +++ b/2020/27xxx/CVE-2020-27822.json 
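Review bot: `https://access.redhat.com/errata/RHSA-2022:1975`, `RHSA-2022:1988` and the Red Hat CVE page are removed from `reference_data`, and with the `!` build entries gone in the preceding hunk and the `work_around` (blacklisting the `nouveau` module) and CVSS block removed in the following one, nothing in the record now points at a fix or a mitigation. Keep the two errata entries, and if the export cannot carry `work_around`, fold the module-blacklist mitigation into the description so it is not lost.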
@@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27822", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401", + "cweId": "CWE-401" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, 21.0.0.Final" } ] @@ -30,32 +52,12 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-401" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability." + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060" } ] } 
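Review bot: `"version_value": "19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, 21.0.0.Final"` packs five versions into one string, so the newly added `"version_affected": "="` matches none of them individually. Split it into five `version_data` entries, `{"version_affected": "=", "version_value": "19.0.0.Final"}` and so on, which is exactly the case the `=` marker is meant for.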
diff --git a/2020/27xxx/CVE-2020-27833.json b/2020/27xxx/CVE-2020-27833.json index f57b81f22e6..e57f4d3b85d 100644 --- a/2020/27xxx/CVE-2020-27833.json +++ b/2020/27xxx/CVE-2020-27833.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27833", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20", + "cweId": "CWE-20" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "up to & including openshift-clients-4.7.0-202104250659.p0.git.95881af" } ] 
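Review bot: `CWE-20` (Improper Input Validation) is a weak fit for the Zip Slip described in the same hunk: symbolic links in a tarball that escape the extraction directory are CWE-22 (Path Traversal) or, since the escape is through links, CWE-59 (Improper Link Resolution Before File Access). Consider the more specific class if the assigner's triage agrees, since CWE-20 hides the traversal nature of the bug from anyone filtering by weakness.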
@@ -30,37 +52,17 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "name": "https://access.redhat.com/security/cve/CVE-2020-27833", - "url": "https://access.redhat.com/security/cve/CVE-2020-27833" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945" }, { + "url": "https://access.redhat.com/security/cve/CVE-2020-27833", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected." + "name": "https://access.redhat.com/security/cve/CVE-2020-27833" } ] } diff --git a/2020/35xxx/CVE-2020-35492.json b/2020/35xxx/CVE-2020-35492.json index 78a84a91a01..6e9aad0c4cb 100644 --- a/2020/35xxx/CVE-2020-35492.json +++ b/2020/35xxx/CVE-2020-35492.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability." + "value": "A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Stack-based Buffer Overflow", + "value": "CWE-121", "cweId": "CWE-121" } ] @@ -32,16 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 8", + "product_name": "cairo", "version": { "version_data": [ { - "version_value": "0:1.15.12-6.el8", - "version_affected": "!" + "version_affected": "=", + "version_value": "All cairo versions" } ] } 
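Review bot: `"version_value": "All cairo versions"` contradicts the description rewritten in the first hunk on this line, which bounds the flaw to `all versions prior to 1.17.4`; the affects entry should read `"version_affected": "<", "version_value": "1.17.4"`. The removed entry also recorded the fixed RHEL 8 build `0:1.15.12-6.el8` with `!`, which is worth keeping as a second product entry instead of losing the fixed-build data.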
@@ -54,51 +54,11 @@ }, "references": { "reference_data": [ - { - "url": "https://access.redhat.com/errata/RHSA-2022:1961", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2022:1961" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2020-35492", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2020-35492" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" } ] - }, - "work_around": [ - { - "lang": "en", - "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." - } - ], - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Stephan Bergmann (Red Hat)." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - ] } } \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35501.json b/2020/35xxx/CVE-2020-35501.json index 5a190d253dc..efb02c826dd 100644 --- a/2020/35xxx/CVE-2020-35501.json +++ b/2020/35xxx/CVE-2020-35501.json 
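Review bot: Besides the erratum and CVE-page references, this hunk deletes the whole `impact` block (`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`, base score 7.8), the `credits` entry and the `work_around` statement, leaving a stack-buffer-overflow record with no severity and a single bugzilla link. The same commit keeps an `impact` block in CVE-2020-25689, so the export can carry one; retain it here, and keep `https://access.redhat.com/errata/RHSA-2022:1961` as the fix reference.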
@@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-35501", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863", + "cweId": "CWE-863" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,6 +40,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "affecting all versions up to kernel 5.17" } ] @@ -30,32 +52,12 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-863" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908577" } ] } diff --git a/2020/35xxx/CVE-2020-35503.json b/2020/35xxx/CVE-2020-35503.json index 3ebabd5a14c..5f51046459b 100644 --- a/2020/35xxx/CVE-2020-35503.json +++ b/2020/35xxx/CVE-2020-35503.json 
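Review bot: The description moved into this hunk keeps the garbled clause `can unexpectedly not be correctly not be logged by the audit subsystem` (double negation, missing apostrophe in `kernels`, no terminating period), which the relocation was a chance to fix; suggested text: `A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly fail to be logged by the audit subsystem.` The version entry on this line, `affecting all versions up to kernel 5.17` with `=`, has the same range-as-exact-version problem noted for the other records in this commit.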
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-35503",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476",
+ "cweId": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "All QEMU versions before and including 6.0"
 }
 ]
@@ -30,37 +52,17 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-476"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20210720-0008/",
- "url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
+ "url": "https://security.netapp.com/advisory/ntap-20210720-0008/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20210720-0008/"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35508.json b/2020/35xxx/CVE-2020-35508.json
index 55792e0d6e6..35cd922a055 100644
--- a/2020/35xxx/CVE-2020-35508.json
+++ b/2020/35xxx/CVE-2020-35508.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Initialization",
+ "value": "CWE-665",
 "cweId": "CWE-665"
 }
 ]
@@ -32,35 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 8",
+ "product_name": "kernel",
 "version": {
 "version_data": [
 {
- "version_value": "0:4.18.0-305.rt7.72.el8",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.18.0-305.el8",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:4.18.0-193.60.2.rt13.112.el8_2",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.18.0-193.60.2.el8_2",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "kernel 5.12"
 }
 ]
 }
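Review bot: This hunk replaces the Red Hat product entries that carried `"version_affected": "!"` (the fixed builds such as `0:4.18.0-305.el8`) with a single `n/a` / `kernel` / `kernel 5.12` entry, so the record no longer states which builds are unaffected, and `=` with `kernel 5.12` asserts that exactly one version is affected, which the description outside this hunk would need to support. If the generic CNA shape is the goal, the `!` entries can still be kept alongside the new one, since a `version_data` array may mix `version_affected` operators. The same replacement is made for CVE-2020-35517 (`qemu 5.2.0`), where three fixed builds are dropped.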
@@ -73,76 +54,21 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948",
- "refsource": "MISC",
- "name": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2021:1578",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2021:1578"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2021:1739",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2021:1739"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2021:2718",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2021:2718"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2021:2719",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2021:2719"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2020-35508",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2020-35508"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
 },
+ {
+ "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20210513-0006/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20210513-0006/"
 }
 ]
- },
- "work_around": [
- {
- "lang": "en",
- "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
- }
- ],
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Eddy Wu (trendmicro.com) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 4.5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "version": "3.1"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2020/35xxx/CVE-2020-35509.json b/2020/35xxx/CVE-2020-35509.json
index 472f2c7a51f..bd4b7e1e9d4 100644
--- a/2020/35xxx/CVE-2020-35509.json
+++ b/2020/35xxx/CVE-2020-35509.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-35509",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "11.0.3, 12.0.0"
 }
 ]
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-20"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://access.redhat.com/security/cve/cve-2020-35509",
 "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/cve-2020-35509",
- "url": "https://access.redhat.com/security/cve/cve-2020-35509"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity."
+ "name": "https://access.redhat.com/security/cve/cve-2020-35509"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35514.json b/2020/35xxx/CVE-2020-35514.json
index 624bd3b64af..6cff655c49b 100644
--- a/2020/35xxx/CVE-2020-35514.json
+++ b/2020/35xxx/CVE-2020-35514.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-35514",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-266",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "Unspecified"
 }
 ]
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-266"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1914714"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35517.json b/2020/35xxx/CVE-2020-35517.json
index 7265ae95be8..814c24eb2ce 100644
--- a/2020/35xxx/CVE-2020-35517.json
+++ b/2020/35xxx/CVE-2020-35517.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
+ "value": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices."
 }
 ]
 },
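Review bot: In the CVE-2020-35517 `@@ -11,7 +11,7 @@` hunk the rewritten `value` drops the closing sentence `The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.`, and the record's `impact.cvss` block is removed in a later hunk of the same file, so after this commit the file carries no impact statement at all. The rest of the description is byte-identical, so the truncation looks deliberate; if the CVSS block is going away, that sentence is the one piece worth keeping as the remaining severity signal for consumers.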
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Privilege Management",
+ "value": "CWE-269",
 "cweId": "CWE-269"
 }
 ]
@@ -32,38 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Advanced Virtualization for RHEL 8.2.1",
+ "product_name": "qemu",
 "version": {
 "version_data": [
 {
- "version_value": "8020120210211153838.863bb0db",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Advanced Virtualization for RHEL 8.3.1",
- "version": {
- "version_data": [
- {
- "version_value": "8030120210211160750.71132145",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 8",
- "version": {
- "version_data": [
- {
- "version_value": "8030020210210212009.229f0a1c",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "qemu 5.2.0"
 }
 ]
 }
@@ -81,6 +59,11 @@
 "refsource": "MISC",
 "name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
 },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
+ },
 {
 "url": "https://www.openwall.com/lists/oss-security/2021/01/22/1",
 "refsource": "MISC",
@@ -96,64 +79,10 @@
 "refsource": "MISC",
 "name": "https://security.gentoo.org/glsa/202208-27"
 },
- {
- "url": "https://access.redhat.com/errata/RHBA-2021:0639",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHBA-2021:0639"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2021:0711",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2021:0711"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2021:0743",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2021:0743"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2020-35517",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2020-35517"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
- },
 {
 "url": "https://security.netapp.com/advisory/ntap-20210312-0002/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20210312-0002/"
- },
- {
- "url": "https://virtio-fs.gitlab.io/",
- "refsource": "MISC",
- "name": "https://virtio-fs.gitlab.io/"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Alex Xu (alxu.ca) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 7.5,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "HIGH",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
- "version": "3.1"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35519.json b/2020/35xxx/CVE-2020-35519.json
index ce5503ac161..472b9d5598a 100644
--- a/2020/35xxx/CVE-2020-35519.json
+++ b/2020/35xxx/CVE-2020-35519.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-35519",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125",
+ "cweId": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "v5.12-rc5"
 }
 ]
@@ -30,37 +52,17 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-125"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908251"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20210618-0009/",
- "url": "https://security.netapp.com/advisory/ntap-20210618-0009/"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
+ "url": "https://security.netapp.com/advisory/ntap-20210618-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20210618-0009/"
 }
 ]
 }