mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
c5324cc5f6
commit
8b0e1b6038
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2008-5019",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors."
|
||||
"value": "CVE-2008-5019 Mozilla XSS via session restore"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,138 +21,240 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 2.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.0.9-0.21.el2",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.0.9-0.25.el3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.0.9-28.el4",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.4-1.el4",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.12.1.1-3.el4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:0.12-20.el5",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.4-1.el5",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.12.1.1-3.el5",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.9.0.4-1.el5",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.16.0-22.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2008-3146",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/3146"
|
||||
},
|
||||
{
|
||||
"name": "32281",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/32281"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-9667",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html"
|
||||
},
|
||||
{
|
||||
"name": "32713",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32713"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0977",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0977.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2008:230",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-0977",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/0977"
|
||||
},
|
||||
{
|
||||
"name": "32695",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32695"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0978",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0978.html"
|
||||
},
|
||||
{
|
||||
"name": "32778",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32778"
|
||||
},
|
||||
{
|
||||
"name": "1021184",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1021184"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-9669",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html"
|
||||
},
|
||||
{
|
||||
"name": "256408",
|
||||
"refsource": "SUNALERT",
|
||||
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2008:055",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "32694",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32694"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:10943",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943"
|
||||
},
|
||||
{
|
||||
"name": "32721",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32721"
|
||||
},
|
||||
{
|
||||
"name": "TA08-319A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906,460983",
|
||||
"url": "http://secunia.com/advisories/34501",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906,460983"
|
||||
"name": "http://secunia.com/advisories/34501"
|
||||
},
|
||||
{
|
||||
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-53.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-53.html"
|
||||
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
|
||||
},
|
||||
{
|
||||
"name": "32693",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32693"
|
||||
"url": "http://www.vupen.com/english/advisories/2009/0977",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/0977"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2008:228",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "32684",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32684"
|
||||
"url": "http://secunia.com/advisories/32684",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32684"
|
||||
},
|
||||
{
|
||||
"name": "USN-667-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://ubuntu.com/usn/usn-667-1"
|
||||
"url": "http://secunia.com/advisories/32693",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32693"
|
||||
},
|
||||
{
|
||||
"name": "34501",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/34501"
|
||||
"url": "http://secunia.com/advisories/32694",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32694"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/32695",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32695"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/32713",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32713"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/32721",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32721"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/32778",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/32778"
|
||||
},
|
||||
{
|
||||
"url": "http://ubuntu.com/usn/usn-667-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://ubuntu.com/usn/usn-667-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-53.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-53.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0977.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2008-0977.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0978.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2008-0978.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/32281",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/32281"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securitytracker.com/id?1021184",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id?1021184"
|
||||
},
|
||||
{
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2008/3146",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2008/3146"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2008:0977",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2008:0977"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2008:0978",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2008:0978"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2008-5019",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2008-5019"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906%2C460983",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906%2C460983"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=470889",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=470889"
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943",
|
||||
"refsource": "MISC",
|
||||
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943"
|
||||
},
|
||||
{
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2008-7248",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain."
|
||||
"value": "CVE-2008-7248 rubygem-actionpack: Potential CSRF protection circumvention"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,63 +21,123 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Cross-Site Request Forgery (CSRF)",
|
||||
"cweId": "CWE-352"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "[oss-security] 20091128 CVE request: Ruby on Rails: CSRF circumvention (from 2008)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/11/28/1"
|
||||
},
|
||||
{
|
||||
"name": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "36600",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/36600"
|
||||
},
|
||||
{
|
||||
"name": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/",
|
||||
"url": "http://secunia.com/advisories/38915",
|
||||
"refsource": "MISC",
|
||||
"url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"
|
||||
"name": "http://secunia.com/advisories/38915"
|
||||
},
|
||||
{
|
||||
"name": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2009-2544",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/2544"
|
||||
},
|
||||
{
|
||||
"name": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en",
|
||||
"url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en",
|
||||
"refsource": "MISC",
|
||||
"url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"
|
||||
"name": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2010:006",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
|
||||
"url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/",
|
||||
"refsource": "MISC",
|
||||
"name": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091202 Re: CVE request: Ruby on Rails: CSRF circumvention (from 2008)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/12/02/2"
|
||||
"url": "http://secunia.com/advisories/36600",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/36600"
|
||||
},
|
||||
{
|
||||
"name": "38915",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/38915"
|
||||
"url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/11/28/1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2009/11/28/1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/12/02/2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2009/12/02/2"
|
||||
},
|
||||
{
|
||||
"url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2009/2544",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.vupen.com/english/advisories/2009/2544"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2008-7248",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2008-7248"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=544329"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2011-1576",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478."
|
||||
"value": "CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,43 +21,156 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Missing Release of Memory after Effective Lifetime",
|
||||
"cweId": "CWE-401"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.18-238.19.1.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-131.12.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.0 EUS - Server Only",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.32-71.34.1.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise MRG 2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.6.33.9-rt31.75.el6rt",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "48907",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/48907"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:1106",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-1106.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:0927",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:0927"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:0927",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:1253",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:1253"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695173",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695173"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:1189",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:1189"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:1090",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-1090.html"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-1090.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2011-1090.html"
|
||||
},
|
||||
{
|
||||
"name": "1025853",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1025853"
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-1106.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.redhat.com/support/errata/RHSA-2011-1106.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/48907",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/48907"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securitytracker.com/id?1025853",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id?1025853"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:1090",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:1090"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2011:1106",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2011:1106"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2011-1576",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2011-1576"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695173",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695173"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5.7,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2011-1948",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
|
||||
"value": "CVE-2011-1948 plone: A reflected cross site scripting vulnerability"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,53 +21,118 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:0.12.2-51.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "44775",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44775"
|
||||
"url": "http://osvdb.org/72727",
|
||||
"refsource": "MISC",
|
||||
"name": "http://osvdb.org/72727"
|
||||
},
|
||||
{
|
||||
"name": "48005",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/48005"
|
||||
"url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948",
|
||||
"refsource": "MISC",
|
||||
"name": "http://plone.org/products/plone/security/advisories/CVE-2011-1948"
|
||||
},
|
||||
{
|
||||
"name": "http://plone.org/products/plone/security/advisories/CVE-2011-1948",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://plone.org/products/plone/security/advisories/CVE-2011-1948"
|
||||
"url": "http://secunia.com/advisories/44775",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/44775"
|
||||
},
|
||||
{
|
||||
"name": "72727",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/72727"
|
||||
"url": "http://secunia.com/advisories/44776",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/44776"
|
||||
},
|
||||
{
|
||||
"name": "44776",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44776"
|
||||
"url": "http://securityreason.com/securityalert/8269",
|
||||
"refsource": "MISC",
|
||||
"name": "http://securityreason.com/securityalert/8269"
|
||||
},
|
||||
{
|
||||
"name": "8269",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/8269"
|
||||
"url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "plone-unspec-xss(67693)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693"
|
||||
"url": "http://www.securityfocus.com/bid/48005",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/48005"
|
||||
},
|
||||
{
|
||||
"name": "20110526 [CVE-REQUEST] Plone XSS and permission errors",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:0151",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:0151"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2011-1948",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2011-1948"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711494",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=711494"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67693"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2012-3401",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow."
|
||||
"value": "CVE-2012-3401 libtiff (tiff2pdf): Heap-based buffer overflow due to improper initialization of T2P context struct pointer"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,103 +21,174 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Heap-based Buffer Overflow",
|
||||
"cweId": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.8.2-18.el5_8",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.9.4-9.el6_3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=837577",
|
||||
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=837577"
|
||||
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2012:0955",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/1"
|
||||
},
|
||||
{
|
||||
"name": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830",
|
||||
"url": "http://secunia.com/advisories/50726",
|
||||
"refsource": "MISC",
|
||||
"url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830"
|
||||
"name": "http://secunia.com/advisories/50726"
|
||||
},
|
||||
{
|
||||
"name": "54601",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/54601"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/4"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2552",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2012/dsa-2552"
|
||||
},
|
||||
{
|
||||
"name": "49938",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/49938"
|
||||
},
|
||||
{
|
||||
"name": "50007",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/50007"
|
||||
},
|
||||
{
|
||||
"name": "USN-1511-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1511-1"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201209-02",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
|
||||
},
|
||||
{
|
||||
"name": "84090",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/84090"
|
||||
},
|
||||
{
|
||||
"name": "libtiff-t2preadtiffinit-bo(77088)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77088"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/attachment.cgi?id=596457",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugzilla.redhat.com/attachment.cgi?id=596457"
|
||||
"name": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2012:127",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:127"
|
||||
"url": "http://www.debian.org/security/2012/dsa-2552",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2012/dsa-2552"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2012:1590",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
|
||||
"url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830",
|
||||
"refsource": "MISC",
|
||||
"name": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830"
|
||||
},
|
||||
{
|
||||
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html"
|
||||
},
|
||||
{
|
||||
"name": "50726",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/50726"
|
||||
"url": "http://osvdb.org/84090",
|
||||
"refsource": "MISC",
|
||||
"name": "http://osvdb.org/84090"
|
||||
},
|
||||
{
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/49938",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/49938"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/50007",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/50007"
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:127",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:127"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2012/07/19/1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/4",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2012/07/19/4"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/54601",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/54601"
|
||||
},
|
||||
{
|
||||
"url": "http://www.ubuntu.com/usn/USN-1511-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-1511-1"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2012:1590",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2012:1590"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2012-3401",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2012-3401"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/attachment.cgi?id=596457",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/attachment.cgi?id=596457"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=837577",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=837577"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77088",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77088"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-23110",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-23110",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An exploitable firmware modification vulnerability was discovered in WNR612v2 Wireless Routers firmware version 1.0.0.3 and earlier. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.netgear.com/about/security/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.netgear.com/about/security/"
|
||||
},
|
||||
{
|
||||
"url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SJCGkb-9o",
|
||||
"refsource": "MISC",
|
||||
"name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SJCGkb-9o"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user