"-Synchronized-Data."

CVE Team 2019-04-22 16:00:50 +00:00
parent 22e316f2b9
commit 822ae32873
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
29 changed files with 2169 additions and 1930 deletions


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2009-07-01T00:00:00.000Z",
"ID": "CVE-2011-1830",
"STATE": "PUBLIC",
"TITLE": "Ekiga attempts to dlopen /tmp/ekiga_test.so"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ekiga",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "3.3.0"
}
]
}
}
]
},
"vendor_name": "Gnome"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Robert Collins"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Accidentally enabled debugging code."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2009-07-01T00:00:00.000Z",
"ID": "CVE-2011-1830",
"STATE": "PUBLIC",
"TITLE": "Ekiga attempts to dlopen /tmp/ekiga_test.so"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ekiga",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "3.3.0"
}
]
}
}
]
},
"vendor_name": "Gnome"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/ekiga/+bug/791652"
],
"discovery": "INTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": " Robert Collins"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Accidentally enabled debugging code."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647",
"name": "https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/ekiga/+bug/791652"
],
"discovery": "INTERNAL"
}
}
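Review bot: The only reference in `reference_data`, the upstream Ekiga fix commit, is relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the marker that this URL is the vendor's acknowledgement of the issue. Consumers that use CONFIRM to tell vendor-verified fixes from general links lose that signal. The entry should keep `"refsource": "CONFIRM"` next to the added `"name"`. Reading the MISC block as the new side is inferred from the 92 → 93 line counts and the added `name` line. The same relabel appears in every later section of this page, including CVE-2014-1426, CVE-2014-1427, CVE-2014-1428, CVE-2015-1316, CVE-2015-1320 and CVE-2015-1326.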


@ -1,101 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2011-08-23T00:00:00.000Z",
"ID": "CVE-2011-3145",
"STATE": "PUBLIC",
"TITLE": "mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eCryptfs",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "87-0ubuntu1.2"
},
{
"affected": "<",
"version_value": "83-0ubuntu3.2.10.10.2"
},
{
"affected": "<",
"version_value": "83-0ubuntu3.2.10.04.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " John L. Templer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect privilege dropping."
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2011-08-23T00:00:00.000Z",
"ID": "CVE-2011-3145",
"STATE": "PUBLIC",
"TITLE": "mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": " John L. Templer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558",
"name": "http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/558"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/1196-1/",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/ecryptfs-utils/%2Bbug/830850"
],
"discovery": "EXTERNAL"
}
}
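Review bot: The new side of this record overwrites the CNA-supplied `vendor_name`, `product_name`, all three `version_data` entries and the `problemtype` text with `"n/a"`, and changes `ASSIGNER` to `cve@mitre.org`, while the description still names mount.ecrpytfs_private before 87-0ubuntu1.2. Tools that match on vendor, product and version range, or that classify by problem type, will no longer find this record, so affected hosts can drop out of scan results. Reading the `n/a` block as the new side is inferred from the 101 → 93 line counts and the added `name` field. The sync should preserve the structured values, for example `"product_name": "eCryptfs"`, `"vendor_name": "Ubuntu"` and `"value": "Incorrect privilege dropping."`. The same overwrite appears in the CVE-2011-3147 and CVE-2011-3151 sections.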


@ -1,92 +1,92 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2011-09-20T00:00:00.000Z",
"ID": "CVE-2011-3147",
"STATE": "PUBLIC",
"TITLE": "qcow format could expose host filesystem information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nova",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2012.1"
}
]
}
}
]
},
"vendor_name": "OpenStack"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Scott Moser"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Impedance mismatch between the features offered by a file format and the features required by a consumer."
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2011-09-20T00:00:00.000Z",
"ID": "CVE-2011-3147",
"STATE": "PUBLIC",
"TITLE": "qcow format could expose host filesystem information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/nova/%2Bbug/853330"
],
"discovery": "INTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": " Scott Moser"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604",
"name": "http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/nova/%2Bbug/853330"
],
"discovery": "INTERNAL"
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2011-12-21T00:00:00.000Z",
"ID": "CVE-2011-3151",
"STATE": "PUBLIC",
"TITLE": "SELinux initscript misuse of touch"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "selinux",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1:0.10"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hayawardh Vijayakumar"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe lock file creation."
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2011-12-21T00:00:00.000Z",
"ID": "CVE-2011-3151",
"STATE": "PUBLIC",
"TITLE": "SELinux initscript misuse of touch"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/selinux/+bug/876994"
],
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Hayawardh Vijayakumar"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff",
"name": "https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/selinux/+bug/876994"
],
"discovery": "UNKNOWN"
}
}


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-28T00:00:00.000Z",
"ID": "CVE-2014-1426",
"STATE": "PUBLIC",
"TITLE": "get_file_by_name does not check owner"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "maas",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file.\nThis issue affects: Ubuntu MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access controls."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-28T00:00:00.000Z",
"ID": "CVE-2014-1426",
"STATE": "PUBLIC",
"TITLE": "get_file_by_name does not check owner"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "maas",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1212205"
],
"discovery": "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access controls."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://launchpad.net/maas/+milestone/1.9.2",
"name": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1212205"
],
"discovery": "INTERNAL"
}
}


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-28T00:00:00.000Z",
"ID": "CVE-2014-1427",
"STATE": "PUBLIC",
"TITLE": "MAAS API vulnerable to CSRF attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MAAS",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-28T00:00:00.000Z",
"ID": "CVE-2014-1427",
"STATE": "PUBLIC",
"TITLE": "MAAS API vulnerable to CSRF attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MAAS",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1298772"
],
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://launchpad.net/maas/+milestone/1.9.2",
"name": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1298772"
],
"discovery": "UNKNOWN"
}
}
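Review bot: `TITLE` describes a CSRF attack, but the description says commands are executed "via cross-site scripting" and `problemtype` is `"Cross-site scripting"`; both copies of the record on this page carry the contradiction, so the sync does not resolve it. These are different weakness classes with different mitigations (request-origin checks and anti-forgery tokens versus output encoding), so triage keyed on `problemtype` may misfile the issue. The page does not show which reading is correct; if the title matches the linked Launchpad bug, the problem type should read `"value": "Cross-site request forgery"` and the description should say "via cross-site request forgery".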


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-28T00:00:00.000Z",
"ID": "CVE-2014-1428",
"STATE": "PUBLIC",
"TITLE": "uuid.uuid1() is not suitable as an unguessable identifier/token"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MAAS",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient randomness in generated filenames."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-28T00:00:00.000Z",
"ID": "CVE-2014-1428",
"STATE": "PUBLIC",
"TITLE": "uuid.uuid1() is not suitable as an unguessable identifier/token"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MAAS",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1379826"
],
"discovery": "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient randomness in generated filenames."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://launchpad.net/maas/+milestone/1.9.2",
"name": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1379826"
],
"discovery": "INTERNAL"
}
}


@ -1,87 +1,88 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-01-28T00:00:00.000Z",
"ID": "CVE-2015-1316",
"STATE": "PUBLIC",
"TITLE": "Juju Joyent provider uploads user's private ssh key by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juju",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "Juju Core",
"version_value": "1.25.5"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe default behaviour exposed private credentials."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-01-28T00:00:00.000Z",
"ID": "CVE-2015-1316",
"STATE": "PUBLIC",
"TITLE": "Juju Joyent provider uploads user's private ssh key by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juju",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "Juju Core",
"version_value": "1.25.5"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~juju-core/juju-core/trunk/revision/4119"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/juju-core/+bug/1415671"
],
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe default behaviour exposed private credentials."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~juju-core/juju-core/trunk/revision/4119",
"name": "http://bazaar.launchpad.net/~juju-core/juju-core/trunk/revision/4119"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/juju-core/+bug/1415671"
],
"discovery": "UNKNOWN"
}
}


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-03-05T00:00:00.000Z",
"ID": "CVE-2015-1320",
"STATE": "PUBLIC",
"TITLE": "Probe-and-enlist for SeaMicro chassis writes password to the log"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MAAS",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password logged in log file."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-03-05T00:00:00.000Z",
"ID": "CVE-2015-1320",
"STATE": "PUBLIC",
"TITLE": "Probe-and-enlist for SeaMicro chassis writes password to the log"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MAAS",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1428666"
],
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password logged in log file."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://launchpad.net/maas/+milestone/1.9.2",
"name": "https://launchpad.net/maas/+milestone/1.9.2"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/maas/+bug/1428666"
],
"discovery": "UNKNOWN"
}
}
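Review bot: The `cvss` block scores `"confidentialityImpact": "NONE"` and `"availabilityImpact": "HIGH"` (`C:N/I:N/A:H`) for an issue that the description and `problemtype` present as credentials written to a log file, which is a disclosure. It looks as if the confidentiality and availability metrics were swapped, and the sync carries the vector over unchanged. If so, the entry should read `"confidentialityImpact": "HIGH"`, `"availabilityImpact": "NONE"` and `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"`. The base score stays 5.5 because the CVSS 3.0 formula treats the three impact metrics symmetrically, but consumers filtering on confidentiality impact would then see the record.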


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-05-12T00:00:00.000Z",
"ID": "CVE-2015-1326",
"STATE": "PUBLIC",
"TITLE": "python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-dbusmock",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.15.1"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Simon McVittie"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted compiled bytecode"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-05-12T00:00:00.000Z",
"ID": "CVE-2015-1326",
"STATE": "PUBLIC",
"TITLE": "python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-dbusmock",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.15.1"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/python-dbusmock/+bug/1453815"
],
"discovery": "EXTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Simon McVittie"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted compiled bytecode"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093",
"name": "https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/python-dbusmock/+bug/1453815"
],
"discovery": "EXTERNAL"
}
}


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-06-03T00:00:00.000Z",
"ID": "CVE-2015-1327",
"STATE": "PUBLIC",
"TITLE": "Content-hub DBUS API doesn't prevent confined apps from passing paths to files without access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Hub",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.0+15.04.20150331-0ubuntu1.0"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access control checks."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-06-03T00:00:00.000Z",
"ID": "CVE-2015-1327",
"STATE": "PUBLIC",
"TITLE": "Content-hub DBUS API doesn't prevent confined apps from passing paths to files without access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Hub",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.0+15.04.20150331-0ubuntu1.0"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/content-hub/+bug/1456628"
],
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access control checks."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212",
"name": "https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/content-hub/+bug/1456628"
],
"discovery": "UNKNOWN"
}
}
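Review bot: The reference entry now carries `"refsource": "MISC"` where the old side had `"refsource": "CONFIRM"` for the same Launchpad revision URL, so the record no longer marks this link as the vendor's own confirmation of the fix. Tools that rank references by source tag during patch triage would lose that signal; if the retagging is not intended, keep `"refsource": "CONFIRM"` alongside the added `"name"` field. The same retagging appears in the sections for CVE-2015-1340, CVE-2015-1341 (which also turns `"UBUNTU"` on the usn.ubuntu.com advisory into `"MISC"`), CVE-2015-1343, CVE-2016-1573, CVE-2016-1579, CVE-2016-1584, CVE-2016-1585, CVE-2016-1586 and CVE-2016-1587. Old and new sides are inferred here from the hunk header's line counts, since the page has lost its `+`/`-` markers.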


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-10-02T00:00:00.000Z",
"ID": "CVE-2015-1340",
"STATE": "PUBLIC",
"TITLE": "chmod race in doUidshiftIntoContainer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXD",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.19-0ubuntu5"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race condition."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-10-02T00:00:00.000Z",
"ID": "CVE-2015-1340",
"STATE": "PUBLIC",
"TITLE": "chmod race in doUidshiftIntoContainer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXD",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.19-0ubuntu5"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270"
],
"discovery": "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race condition."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4",
"name": "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270"
],
"discovery": "INTERNAL"
}
}


@ -1,112 +1,114 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-10-27T00:00:00.000Z",
"ID": "CVE-2015-1341",
"STATE": "PUBLIC",
"TITLE": "Apport privilege escalation through Python module imports"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.0.1-0ubuntu17.13"
},
{
"affected": "<",
"version_value": "2.19.1-0ubuntu4"
},
{
"affected": "<",
"version_value": "2.17.2-0ubuntu1.7"
},
{
"affected": "<",
"version_value": "2.14.1-0ubuntu3.18"
},
{
"affected": "<",
"version_value": "2.19.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gabriel Campana"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Appoprt before 2.19.2 function _python_module_path."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Parsing a Python module by executing the module."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2015-10-27T00:00:00.000Z",
"ID": "CVE-2015-1341",
"STATE": "PUBLIC",
"TITLE": "Apport privilege escalation through Python module imports"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.0.1-0ubuntu17.13"
},
{
"affected": "<",
"version_value": "2.19.1-0ubuntu4"
},
{
"affected": "<",
"version_value": "2.17.2-0ubuntu1.7"
},
{
"affected": "<",
"version_value": "2.14.1-0ubuntu3.18"
},
{
"affected": "<",
"version_value": "2.19.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://launchpad.net/apport/trunk/2.19.2"
},
{
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/2782-1/"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1507480"
],
"discovery": "EXTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Gabriel Campana"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Appoprt before 2.19.2 function _python_module_path."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Parsing a Python module by executing the module."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://launchpad.net/apport/trunk/2.19.2",
"name": "https://launchpad.net/apport/trunk/2.19.2"
},
{
"refsource": "MISC",
"url": "https://usn.ubuntu.com/2782-1/",
"name": "https://usn.ubuntu.com/2782-1/"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1507480"
],
"discovery": "EXTERNAL"
}
}
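Review bot: The description value spells the product as "Appoprt" (`... is -m in Appoprt before 2.19.2 function _python_module_path`), so a keyword search for Apport will not match this record's description text. Correct the word to `Apport`. The `version_data` list also gives five `"<"` bounds without saying which release series each one applies to. A consumer that compares one installed version against all five may report false positives, so naming the series per entry would help if the schema allows it.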


@ -1,91 +1,92 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-03-07T00:00:00.000Z",
"ID": "CVE-2015-1343",
"STATE": "PUBLIC",
"TITLE": "unity-scope-gdrive search feature logs search terms to syslog"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-scope-gdrive",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lasse Hietala"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of unity-scope-gdrive logs search terms to syslog."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Logging private data."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-03-07T00:00:00.000Z",
"ID": "CVE-2015-1343",
"STATE": "PUBLIC",
"TITLE": "unity-scope-gdrive search feature logs search terms to syslog"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-scope-gdrive",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076"
],
"discovery": "EXTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lasse Hietala"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of unity-scope-gdrive logs search terms to syslog."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Logging private data."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076",
"name": "https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076"
],
"discovery": "EXTERNAL"
}
}


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-03-31T00:00:00.000Z",
"ID": "CVE-2016-1573",
"STATE": "PUBLIC",
"TITLE": "Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unity8",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "8.11+16.04.20160122-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Executing data as code."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-03-31T00:00:00.000Z",
"ID": "CVE-2016-1573",
"STATE": "PUBLIC",
"TITLE": "Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unity8",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "8.11+16.04.20160122-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1536296"
],
"discovery": "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Executing data as code."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138",
"name": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1536296"
],
"discovery": "INTERNAL"
}
}


@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-12T00:00:00.000Z",
"ID": "CVE-2016-1579",
"STATE": "PUBLIC",
"TITLE": "UDM doesn't check for confinement before running post-processing commands"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ubuntu Download Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.2+16.04.20160408-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access control checks."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-04-12T00:00:00.000Z",
"ID": "CVE-2016-1579",
"STATE": "PUBLIC",
"TITLE": "UDM doesn't check for confinement before running post-processing commands"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ubuntu Download Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.2+16.04.20160408-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~phablet-team/ubuntu-download-manager/trunk/revision/359"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu-download-manager/+bug/1567960"
],
"discovery": "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access control checks."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bazaar.launchpad.net/~phablet-team/ubuntu-download-manager/trunk/revision/359",
"name": "https://bazaar.launchpad.net/~phablet-team/ubuntu-download-manager/trunk/revision/359"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu-download-manager/+bug/1567960"
],
"discovery": "INTERNAL"
}
}


@ -1,85 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-07-04T00:00:00.000Z",
"ID": "CVE-2016-1584",
"STATE": "PUBLIC",
"TITLE": "Unity8 converged application lifecycle allows background applications to use on-screen keyboard when not top-most"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unity8",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of access controls."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-07-04T00:00:00.000Z",
"ID": "CVE-2016-1584",
"STATE": "PUBLIC",
"TITLE": "Unity8 converged application lifecycle allows background applications to use on-screen keyboard when not top-most"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unity8",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~mir-team/qtmir/trunk/revision/521"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyboard/+bug/1594863"
],
"discovery": "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of access controls."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bazaar.launchpad.net/~mir-team/qtmir/trunk/revision/521",
"name": "https://bazaar.launchpad.net/~mir-team/qtmir/trunk/revision/521"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyboard/+bug/1594863"
],
"discovery": "INTERNAL"
}
}


@ -1,85 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-06-28T00:00:00.000Z",
"ID": "CVE-2016-1585",
"STATE": "PUBLIC",
"TITLE": "AppArmor mount rules grant excessive permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apparmor",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "AppArmor"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of AppArmor mount rules are accidentally widened when compiled."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper translation of access control rules to policy."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-06-28T00:00:00.000Z",
"ID": "CVE-2016-1585",
"STATE": "PUBLIC",
"TITLE": "AppArmor mount rules grant excessive permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apparmor",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "AppArmor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/apparmor/+bug/1597017"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/apparmor/+bug/1597017"
],
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of AppArmor mount rules are accidentally widened when compiled."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper translation of access control rules to policy."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apparmor/+bug/1597017",
"name": "https://bugs.launchpad.net/apparmor/+bug/1597017"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/apparmor/+bug/1597017"
],
"discovery": "UNKNOWN"
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-09-23T00:00:00.000Z",
"ID": "CVE-2016-1586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oxide",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.18.3"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Imprecise garbage collection."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-09-23T00:00:00.000Z",
"ID": "CVE-2016-1586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oxide",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.18.3"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/3113-1/",
"defect": [
"https://bugs.launchpad.net/oxide/%2Bbug/1626099"
],
"discovery": "INTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": " Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Imprecise garbage collection."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac",
"name": "https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/3113-1/",
"defect": [
"https://bugs.launchpad.net/oxide/%2Bbug/1626099"
],
"discovery": "INTERNAL"
}
}


@ -1,85 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-10-27T00:00:00.000Z",
"ID": "CVE-2016-1587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snapweb",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.21.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access controls."
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-10-27T00:00:00.000Z",
"ID": "CVE-2016-1587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snapweb",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "0.21.2"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/snapcore/snapweb/commit/3f4cf9403f7687fbc8e27c0e01b2cf6aa5e7e0d5"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/snapweb/+bug/1637242"
],
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing access controls."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/snapcore/snapweb/commit/3f4cf9403f7687fbc8e27c0e01b2cf6aa5e7e0d5",
"name": "https://github.com/snapcore/snapweb/commit/3f4cf9403f7687fbc8e27c0e01b2cf6aa5e7e0d5"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/snapweb/+bug/1637242"
],
"discovery": "UNKNOWN"
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c"
},
{
"url": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3"
},
{
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py",
"refsource": "MISC",
"name": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py"
}
]
}
}
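Review bot: The structured `affects` block in this new record is all `n/a` (`product_name`, `vendor_name`, `version_value`), although the description names Tildeslash Monit and the fixed release 5.25.3, so tooling that matches on vendor, product or version will not associate this entry with installed Monit packages. I would populate it as `"vendor_name": "Tildeslash"`, `"product_name": "Monit"` and `{ "affected": "<", "version_value": "5.25.3" }`, the form the CVE-2016-1587 record on this page already uses. The same applies to the new CVE-2019-11455 record (Monit) and CVE-2019-11456 (Gila CMS 1.10.1), and `problemtype` is likewise `n/a` in all three, where a CWE identifier (CWE-79 for this one) would let consumers classify the issue.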


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a"
},
{
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py",
"refsource": "MISC",
"name": "https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py"
},
{
"url": "https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py",
"refsource": "MISC",
"name": "https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cisk123456.blogspot.com/2019/04/gila-cms-1101-csrf.html",
"refsource": "MISC",
"name": "https://cisk123456.blogspot.com/2019/04/gila-cms-1101-csrf.html"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11457",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3899",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,4 +69,4 @@
]
]
}
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3901",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,4 +69,4 @@
]
]
}
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3902",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,4 +69,4 @@
]
]
}
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
"ID": "CVE-2019-6155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x BIOS",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
},
{
"product_name": "BladeCenter BIOS",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
"ID": "CVE-2019-6155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x BIOS",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
},
{
"product_name": "BladeCenter BIOS",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-25165"
}
]
},
"source": {
"advisory": "LEN-25165",
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25165",
"name": "https://support.lenovo.com/solutions/LEN-25165"
}
]
},
"source": {
"advisory": "LEN-25165",
"discovery": "UNKNOWN"
}
}
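Review bot: The reference to the vendor advisory is relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"` in the rewritten `reference_data`, which drops the signal that https://support.lenovo.com/solutions/LEN-25165 is the vendor's own confirmation (it matches `"advisory": "LEN-25165"` in `source`). Consumers that prioritise or filter on vendor-confirmed references will then treat it as an unclassified link. Unless the downgrade is intentional, keep `"refsource": "CONFIRM"` alongside the added `"name"` field; the same relabelling appears in the CVE-2019-6157 section (LEN-25667) and on the snapweb commit link of the CVE-2016-1587 record. Old and new sides are inferred here from the 92-to-93 line counts in the hunk header, since the +/- markers are not preserved on this page.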


@ -1,82 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
"ID": "CVE-2019-6157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
"ID": "CVE-2019-6157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
]
},
"source": {
"advisory": "LEN-25667",
"discovery": "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25667",
"name": "https://support.lenovo.com/solutions/LEN-25667"
}
]
},
"source": {
"advisory": "LEN-25667",
"discovery": "UNKNOWN"
}
}