mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
d66e96fd10
commit
7e34509b69
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2012-1583",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets."
|
||||
"value": "CVE-2012-1583 kernel: ipv6: panic using raw sockets"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,63 +21,134 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-308.4.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5.6 EUS - Server Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-238.39.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d0772b70faaf8e9f2013b6c4273d94d5eac8047a",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
|
||||
"url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=752304",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752304"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
|
||||
},
|
||||
{
|
||||
"name": "1026930",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1026930"
|
||||
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22",
|
||||
"refsource": "MISC",
|
||||
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22"
|
||||
},
|
||||
{
|
||||
"name": "53139",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/53139"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0772b70faaf8e9f2013b6c4273d94d5eac8047a",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2012:0488",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
|
||||
"url": "http://secunia.com/advisories/48881",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/48881"
|
||||
},
|
||||
{
|
||||
"name": "48881",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/48881"
|
||||
"url": "http://www.securityfocus.com/bid/53139",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/53139"
|
||||
},
|
||||
{
|
||||
"name": "SSRT100852",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
|
||||
"url": "http://www.securitytracker.com/id?1026930",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id?1026930"
|
||||
},
|
||||
{
|
||||
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:0480",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:0480"
|
||||
},
|
||||
{
|
||||
"name": "HPSBMU02776",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:0720",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:0720"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2012-1583",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2012-1583"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752304",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=752304"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2012-2088",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow."
|
||||
"value": "CVE-2012-2088 libtiff: Type conversion flaw leading to heap-buffer overflow"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,144 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Heap-based Buffer Overflow",
|
||||
"cweId": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.8.2-15.el5_8",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.9.4-6.el6_3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT6163",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT6163"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2012:0829",
|
||||
"refsource": "SUSE",
|
||||
"url": "https://hermes.opensuse.org/messages/15083566"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2012:0894",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2012:1054",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
|
||||
},
|
||||
{
|
||||
"name": "54270",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/54270"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2013-03-14-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201209-02",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT6162",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT6162"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=832864",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864"
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2012:101",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
|
||||
},
|
||||
{
|
||||
"name": "49686",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/49686"
|
||||
"url": "http://secunia.com/advisories/49686",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/49686"
|
||||
},
|
||||
{
|
||||
"name": "50726",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/50726"
|
||||
"url": "http://secunia.com/advisories/50726",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/50726"
|
||||
},
|
||||
{
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml",
|
||||
"refsource": "MISC",
|
||||
"name": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:1054",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:1054"
|
||||
},
|
||||
{
|
||||
"url": "https://hermes.opensuse.org/messages/15083566",
|
||||
"refsource": "MISC",
|
||||
"name": "https://hermes.opensuse.org/messages/15083566"
|
||||
},
|
||||
{
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
|
||||
},
|
||||
{
|
||||
"url": "http://support.apple.com/kb/HT6162",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT6162"
|
||||
},
|
||||
{
|
||||
"url": "http://support.apple.com/kb/HT6163",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT6163"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/54270",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/54270"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2012-2088",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2012-2088"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=832864"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2012-2133",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data."
|
||||
"value": "CVE-2012-2133 kernel: use after free bug in \"quota\" handling"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,58 +21,150 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Use After Free",
|
||||
"cweId": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-279.14.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-220.34.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise MRG 2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.2.33-rt50.66.el6rt",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2469",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2012/dsa-2469"
|
||||
"url": "http://www.debian.org/security/2012/dsa-2469",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2012/dsa-2469"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=817430",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=817430"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:1491",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:1491"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2012:0616",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:1426",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:1426"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20120424 Re: CVE Request: use after free bug in \"quota\" handling in hugetlb code",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/04/24/12"
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=90481622d75715bfcb68501280a917dbfe516029",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=90481622d75715bfcb68501280a917dbfe516029"
|
||||
},
|
||||
{
|
||||
"name": "53233",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/53233"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/04/24/12",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2012/04/24/12"
|
||||
},
|
||||
{
|
||||
"name": "linux-kernel-hugepages-dos(75168)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75168"
|
||||
"url": "http://www.securityfocus.com/bid/53233",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/53233"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0741",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0741"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2012-2133",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2012-2133"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=817430",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=817430"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75168",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75168"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2012-2136",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device."
|
||||
"value": "CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,63 +21,155 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-308.8.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5.6 EUS - Server Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-238.40.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-220.23.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
|
||||
"url": "http://ubuntu.com/usn/usn-1529-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://ubuntu.com/usn/usn-1529-1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2012:0743",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
|
||||
},
|
||||
{
|
||||
"name": "53721",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/53721"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:0743",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:0743"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc"
|
||||
},
|
||||
{
|
||||
"name": "USN-1535-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1535-1"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1087.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2012-1087.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-1529-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://ubuntu.com/usn/usn-1529-1"
|
||||
"url": "http://secunia.com/advisories/50807",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/50807"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=816289",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816289"
|
||||
"url": "http://www.securityfocus.com/bid/53721",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/53721"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2012:1087",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1087.html"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1535-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1535-1"
|
||||
},
|
||||
{
|
||||
"name": "50807",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/50807"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:0690",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:0690"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:1087",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:1087"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2012-2136",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2012-2136"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816289",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=816289"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2012-2319",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020."
|
||||
"value": "CVE-2012-2319 kernel: Buffer overflow in the HFS plus filesystem (different issue than CVE-2009-4020)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,58 +21,134 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-308.16.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5.6 EUS - Server Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-238.45.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "50811",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/50811"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20120507 Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/11"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2012:1323",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
|
||||
"url": "http://secunia.com/advisories/50811",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/50811"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2012:1347",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1347.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:1323",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:1323"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=819471",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=819471"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1347.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2012-1347.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:1347",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:1347"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f24f892871acc47b40dd594c63606a17c714f77",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f24f892871acc47b40dd594c63606a17c714f77"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0812",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/11",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2012/05/07/11"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2012-2319",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2012-2319"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=819471",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=819471"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-0333",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156."
|
||||
"value": "CVE-2013-0333 rubygem-activesupport: json to yaml parsing"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,68 +21,174 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Deserialization of Untrusted Data",
|
||||
"cweId": "CWE-502"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CloudForms for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.1.12.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.0.10-9.el6cf",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Subscription Asset Manager 1.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:3.0.10-7.el6cf",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RHEL 6 Version of OpenShift Enterprise",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:3.0.13-4.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "VU#628463",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/628463"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2613",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2013/dsa-2613"
|
||||
"url": "http://support.apple.com/kb/HT5784",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT5784"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5784",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5784"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2013-06-04-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
|
||||
"url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/",
|
||||
"refsource": "MISC",
|
||||
"name": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2013-03-14-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
|
||||
"url": "http://www.kb.cert.org/vuls/id/628463",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kb.cert.org/vuls/id/628463"
|
||||
},
|
||||
{
|
||||
"name": "[rubyonrails-security] 20130129 Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0201.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0201",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0202.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0202",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0203.html"
|
||||
},
|
||||
{
|
||||
"name": "https://puppet.com/security/cve/cve-2013-0333",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://puppet.com/security/cve/cve-2013-0333"
|
||||
"url": "http://www.debian.org/security/2013/dsa-2613",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2013/dsa-2613"
|
||||
},
|
||||
{
|
||||
"name": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0201",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0201"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0203",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0202",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0202"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0203",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0203"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2013-0333",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2013-0333"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=903440"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain"
|
||||
},
|
||||
{
|
||||
"url": "https://puppet.com/security/cve/cve-2013-0333",
|
||||
"refsource": "MISC",
|
||||
"name": "https://puppet.com/security/cve/cve-2013-0333"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-1763",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message."
|
||||
"value": "CVE-2013-1763 kernel: sock_diag: out-of-bounds access to sock_diag_handlers[]"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,83 +21,143 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise MRG 2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.6.11-rt30.25.el6rt",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=915052",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915052"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0622",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0622"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20130225 Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://openwall.com/lists/oss-security/2013/02/25/12"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2013:176",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0"
|
||||
},
|
||||
{
|
||||
"name": "USN-1750-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1750-1"
|
||||
"url": "http://openwall.com/lists/oss-security/2013/02/25/12",
|
||||
"refsource": "MISC",
|
||||
"name": "http://openwall.com/lists/oss-security/2013/02/25/12"
|
||||
},
|
||||
{
|
||||
"name": "33336",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/33336"
|
||||
"url": "http://www.exploit-db.com/exploits/24555",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.exploit-db.com/exploits/24555"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20130224 Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/02/24/3"
|
||||
"url": "http://www.exploit-db.com/exploits/24746",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.exploit-db.com/exploits/24746"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0395",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html"
|
||||
"url": "http://www.exploit-db.com/exploits/33336",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.exploit-db.com/exploits/33336"
|
||||
},
|
||||
{
|
||||
"name": "24746",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/24746"
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/02/24/3",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2013/02/24/3"
|
||||
},
|
||||
{
|
||||
"name": "USN-1749-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1749-1"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1749-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1749-1"
|
||||
},
|
||||
{
|
||||
"name": "24555",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/24555"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1750-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1750-1"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1751-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1751-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-1751-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1751-1"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2013-1763",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2013-1763"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915052",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=915052"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-1767",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option."
|
||||
"value": "CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,113 +21,221 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Use After Free",
|
||||
"cweId": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-358.6.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-220.38.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-279.31.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise MRG 2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.6.11.2-rt33.39.el6rt",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0847",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-1796-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1796-1"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=915592",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915592"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0882.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0882.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0882",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0882.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2013:176",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0882",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0882"
|
||||
},
|
||||
{
|
||||
"name": "USN-1797-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1797-1"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0928",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0928"
|
||||
},
|
||||
{
|
||||
"name": "USN-1788-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1788-1"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-1793-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1793-1"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5f00110f7273f9ff04ac69a5f85bb535a4fd0987",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5f00110f7273f9ff04ac69a5f85bb535a4fd0987"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0744",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0744"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0928",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0829",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0829"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/5f00110f7273f9ff04ac69a5f85bb535a4fd0987",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/5f00110f7273f9ff04ac69a5f85bb535a4fd0987"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1795-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1795-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-1792-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1792-1"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1796-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1796-1"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1797-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1797-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-1794-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1794-1"
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0744",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f00110f7273f9ff04ac69a5f85bb535a4fd0987",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f00110f7273f9ff04ac69a5f85bb535a4fd0987"
|
||||
},
|
||||
{
|
||||
"name": "USN-1795-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1795-1"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/23",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2013/02/25/23"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0925",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1787-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1787-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-1787-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1787-1"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1788-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1788-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-1798-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1798-1"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1792-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1792-1"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20130225 Re: kernel: tmpfs use-after-free",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/23"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1793-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1793-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.ubuntu.com/usn/USN-1794-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1794-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.ubuntu.com/usn/USN-1798-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1798-1"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2013-1767",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2013-1767"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915592",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=915592"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/5f00110f7273f9ff04ac69a5f85bb535a4fd0987",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/5f00110f7273f9ff04ac69a5f85bb535a4fd0987"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-1774",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter."
|
||||
"value": "CVE-2013-1774 Kernel: USB io_ti driver NULL pointer dereference in routine chase_port"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,78 +21,154 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "NULL Pointer Dereference",
|
||||
"cweId": "CWE-476"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-358.6.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise MRG 2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.6.11.2-rt33.39.el6rt",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0847",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916191",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
|
||||
},
|
||||
{
|
||||
"name": "USN-1805-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1805-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-1808-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1808-1"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1ee0a224bc9aad1de496c795f96bc6ba2c394811",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1ee0a224bc9aad1de496c795f96bc6ba2c394811"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2013:1474",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20130227 Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/29"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0744",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0925",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2013:1182",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
|
||||
},
|
||||
{
|
||||
"name": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/"
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
|
||||
},
|
||||
{
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0744",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0744"
|
||||
},
|
||||
{
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0829",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0829"
|
||||
},
|
||||
{
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.ubuntu.com/usn/USN-1805-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1805-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.ubuntu.com/usn/USN-1808-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1808-1"
|
||||
},
|
||||
{
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811"
|
||||
},
|
||||
{
|
||||
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/29",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2013/02/27/29"
|
||||
},
|
||||
{
|
||||
"url": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/",
|
||||
"refsource": "MISC",
|
||||
"name": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2013-1774",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2013-1774"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 3.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-1797",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation."
|
||||
"value": "CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,93 +21,217 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Use After Free",
|
||||
"cweId": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:83-262.el5_9.3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-358.6.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-220.39.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-279.31.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:6.4-20130415.0.el6_4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0847",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:1187",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
|
||||
},
|
||||
{
|
||||
"name": "USN-1812-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1812-1"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b79459b482e85cb7426aa7da683a9f2c97aeae1",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b79459b482e85cb7426aa7da683a9f2c97aeae1"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2013:176",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0928",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0928"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0928",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-1809-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1809-1"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0727.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0727.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0727",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0727.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/03/20/9"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0746.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=917013",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917013"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/03/20/9",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2013/03/20/9"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0744",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1809-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1809-1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0746",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1812-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1812-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-1813-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1813-1"
|
||||
"url": "http://www.ubuntu.com/usn/USN-1813-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1813-1"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0925",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0727",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0727"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:1026",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0744",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0744"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0746",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0746"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:1026",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:1026"
|
||||
},
|
||||
{
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b79459b482e85cb7426aa7da683a9f2c97aeae1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b79459b482e85cb7426aa7da683a9f2c97aeae1"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2013-1797",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2013-1797"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917013",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=917013"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-1854",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method."
|
||||
"value": "A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,182 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Uncontrolled Resource Consumption",
|
||||
"cweId": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Subscription Asset Manager 1.4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.4.3.28-1.el6sam_splice",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-1.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-6.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-5.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-2.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.9-1.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.5.4-1.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:1.4.5-3.el6sam",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RHEL 6 Version of OpenShift Enterprise",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:3.2.8-6.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0667",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2013-10-22-5",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
|
||||
"url": "http://support.apple.com/kb/HT5784",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT5784"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0659",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0660",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html"
|
||||
"url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
|
||||
"refsource": "MISC",
|
||||
"name": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5784",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5784"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2013-06-04-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1863",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0664",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0668",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html"
|
||||
},
|
||||
{
|
||||
"name": "[ruby-security-ann] 20130318 [CVE-2013-1854] Symbol DoS vulnerability in Active Record",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0699.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0699",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
|
||||
},
|
||||
{
|
||||
"name": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0699",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0699"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1863",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1863"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2013-1854",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2013-1854"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=921329"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-1855",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \\n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences."
|
||||
"value": "A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,63 +21,176 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Subscription Asset Manager 1.4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.4.3.28-1.el6sam_splice",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-1.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-6.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-5.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-2.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.9-1.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.5.4-1.el6sam",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:1.4.5-3.el6sam",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RHEL 6 Version of OpenShift Enterprise",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:3.2.8-5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.0.13-8.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "APPLE-SA-2013-10-22-5",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "[rubyonrails-security] 20130318 [CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain"
|
||||
"url": "http://support.apple.com/kb/HT5784",
|
||||
"refsource": "MISC",
|
||||
"name": "http://support.apple.com/kb/HT5784"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2014:0019",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0662",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"
|
||||
"url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
|
||||
"refsource": "MISC",
|
||||
"name": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5784",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5784"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:0698",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1863",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1863"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2013-06-04-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:0661",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1863",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"
|
||||
},
|
||||
{
|
||||
"name": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2013-0698.html"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2013:0698",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2013:0698"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2013-1855",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2013-1855"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=921331"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user