"-Synchronized-Data."

This commit is contained in:
CVE Team 2023-02-02 16:01:12 +00:00
parent 339e9ce3be
commit 908b8d9fd7
21 changed files with 3575 additions and 1509 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0162",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
"value": "CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage"
}
]
},
@ -44,28 +21,324 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms for RHEL 6",
"version": {
"version_data": [
{
"version_value": "1:3.0.10-10.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.1.4-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.9.beta4.el6cf",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.5.5-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:3.8-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-7.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.11.3-5.el6cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Subscription Asset Manager 1.2",
"version": {
"version_data": [
{
"version_value": "0:1.7-2.el6_3",
"version_affected": "!"
},
{
"version_value": "0:0.6-4_redhat_1.ep6.el6.1",
"version_affected": "!"
},
{
"version_value": "0:0.7.23-1.el6_3",
"version_affected": "!"
},
{
"version_value": "0:0.19.9-5.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-15h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-12h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.3-3h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-2h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:3.6.1-10h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:2.6.17-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.1.5-4.el6_3",
"version_affected": "!"
},
{
"version_value": "1:3.0.10-10.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el6_3",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-3.el6cf",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-0.12.git58097d9h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-2.el6_3",
"version_affected": "!"
},
{
"version_value": "0:0.0.28-1.el6_3",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEL 6 Version of OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "0:2.26.0-10.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.16-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.15-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.13-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.8-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:5.3.3-22.el6",
"version_affected": "!"
},
{
"version_value": "0:1.9.3.327-25.el6",
"version_affected": "!"
},
{
"version_value": "1:3.2.8-3.el6",
"version_affected": "!"
},
{
"version_value": "0:3.2.8-2.el6",
"version_affected": "!"
},
{
"version_value": "0:2.3.1-3.el6op",
"version_affected": "!"
},
{
"version_value": "1:3.0.13-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.13-3.el6op",
"version_affected": "!"
},
{
"version_value": "1:3.0.13-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.8.1-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.12-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-6.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=892806",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name": "RHSA-2013:0548",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
},
{
"name": "RHSA-2013:0544",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
"url": "https://access.redhat.com/errata/RHSA-2013:0544",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0544"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0548",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0548"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0582",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0582"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0162",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0162"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=892806"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
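Review bot: The `impact` block on the new side stores `"environmentalScore": 0` and `"temporalScore": 0` while every temporal and environmental metric beside them is `NOT_DEFINED`, so a consumer that reads those two fields numerically gets a computed score of zero instead of "not scored"; omit the two keys (or leave them null under a documented policy) when the metrics are not defined. The same pair appears in the CVE-2013-0170, CVE-2013-0200, CVE-2013-0212 and CVE-2013-0219 sections. The `description_data` value is also reduced from a sentence naming the flaw and the affected upstream versions to the one-line title `CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage`, which leaves the record without the version range it previously carried; the other sections do the same. Note too that every `version_data` entry carries `"version_affected": "!"`, so as far as these hunks show the `affects` block now lists only unaffected fixed builds and no affected version at all.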


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0170",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue."
"value": "CVE-2013-0170 libvirt: use-after-free in virNetMessageFree()"
}
]
},
@ -44,103 +21,163 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.9.10-21.el6_3.8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2013-1626",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
},
{
"name": "openSUSE-SU-2013:0275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
"url": "http://www.ubuntu.com/usn/USN-1708-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1708-1"
},
{
"name": "89644",
"refsource": "OSVDB",
"url": "http://osvdb.org/89644"
"url": "http://libvirt.org/news.html",
"refsource": "MISC",
"name": "http://libvirt.org/news.html"
},
{
"name": "http://libvirt.org/news.html",
"refsource": "CONFIRM",
"url": "http://libvirt.org/news.html"
"url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720",
"refsource": "MISC",
"name": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
},
{
"name": "libvirt-virnetmessagefree-code-exec(81552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
},
{
"name": "openSUSE-SU-2013:0274",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
},
{
"name": "SUSE-SU-2013:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
},
{
"name": "FEDORA-2013-1644",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
},
{
"name": "http://wiki.libvirt.org/page/Maintenance_Releases",
"refsource": "CONFIRM",
"url": "http://wiki.libvirt.org/page/Maintenance_Releases"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
},
{
"name": "1028047",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028047"
"url": "http://osvdb.org/89644",
"refsource": "MISC",
"name": "http://osvdb.org/89644"
},
{
"name": "USN-1708-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1708-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
},
{
"name": "FEDORA-2013-1642",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
"url": "http://secunia.com/advisories/52001",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52001"
},
{
"name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720",
"refsource": "CONFIRM",
"url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
"url": "http://secunia.com/advisories/52003",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52003"
},
{
"name": "52001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52001"
"url": "http://wiki.libvirt.org/page/Maintenance_Releases",
"refsource": "MISC",
"name": "http://wiki.libvirt.org/page/Maintenance_Releases"
},
{
"name": "RHSA-2013:0199",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
"url": "http://www.securityfocus.com/bid/57578",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57578"
},
{
"name": "57578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57578"
"url": "http://www.securitytracker.com/id/1028047",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1028047"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=893450",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
"url": "https://access.redhat.com/errata/RHSA-2013:0199",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0199"
},
{
"name": "52003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52003"
"url": "https://access.redhat.com/security/cve/CVE-2013-0170",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0170"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
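Review bot: The libvirt commit reference on the new side, `http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720`, percent-encodes the `;` separators that the replaced entry wrote literally; gitweb splits its query on `;`, so the encoded form likely no longer resolves to the commit and should be restored to `?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720`. Every entry in `reference_data` now also carries `"refsource": "MISC"`, which drops the source typing (FEDORA, SUSE, REDHAT, XF, CONFIRM) the old entries had; keeping the specific `refsource` values would preserve that provenance for anyone filtering references by origin.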


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0200",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722."
"value": "CVE-2013-0200 hplip: insecure temporary file handling flaws"
}
]
},
@ -44,53 +21,113 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.12.4-4.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "55083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55083"
},
{
"name": "USN-1981-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1981-1"
},
{
"name": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm",
"refsource": "CONFIRM",
"url": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=902163",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902163"
},
{
"name": "DSA-2829",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2829"
},
{
"name": "MDVSA-2013:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088"
},
{
"name": "http://hplipopensource.com/hplip-web/release_notes.html",
"url": "http://www.debian.org/security/2013/dsa-2829",
"refsource": "MISC",
"url": "http://hplipopensource.com/hplip-web/release_notes.html"
"name": "http://www.debian.org/security/2013/dsa-2829"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072"
"url": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm",
"refsource": "MISC",
"name": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm"
},
{
"url": "http://hplipopensource.com/hplip-web/release_notes.html",
"refsource": "MISC",
"name": "http://hplipopensource.com/hplip-web/release_notes.html"
},
{
"url": "http://secunia.com/advisories/55083",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55083"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088"
},
{
"url": "http://www.ubuntu.com/usn/USN-1981-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1981-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0500",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0500"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0200",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0200"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902163",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=902163"
},
{
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072",
"refsource": "MISC",
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0212",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
"value": "CVE-2013-0212 openstack-glance: Backend password leak in Glance error message"
}
]
},
@ -44,73 +21,133 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack Folsom for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2012.2.1-4.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
},
{
"name": "[openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg20517.html"
},
{
"name": "USN-1710-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1710-1"
},
{
"name": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1098962",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1098962"
},
{
"name": "https://launchpad.net/glance/+milestone/2012.2.3",
"refsource": "CONFIRM",
"url": "https://launchpad.net/glance/+milestone/2012.2.3"
},
{
"name": "[oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=902964",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
},
{
"name": "RHSA-2013:0209",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
"url": "http://secunia.com/advisories/51957",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51957"
},
{
"name": "51990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51990"
"url": "http://secunia.com/advisories/51990",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51990"
},
{
"name": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
"url": "http://ubuntu.com/usn/usn-1710-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1710-1"
},
{
"name": "51957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51957"
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0209",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0209"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0212",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0212"
},
{
"url": "https://bugs.launchpad.net/glance/+bug/1098962",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/glance/+bug/1098962"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
},
{
"url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7",
"refsource": "MISC",
"name": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
},
{
"url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1",
"refsource": "MISC",
"name": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
},
{
"url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89",
"refsource": "MISC",
"name": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
},
{
"url": "https://launchpad.net/glance/+milestone/2012.2.3",
"refsource": "MISC",
"name": "https://launchpad.net/glance/+milestone/2012.2.3"
},
{
"url": "https://lists.launchpad.net/openstack/msg20517.html",
"refsource": "MISC",
"name": "https://lists.launchpad.net/openstack/msg20517.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0219",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files."
"value": "CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees"
}
]
},
@ -44,83 +21,159 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:1.5.1-70.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.9.2-82.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
},
{
"name": "51928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51928"
},
{
"name": "FEDORA-2013-1795",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
},
{
"name": "RHSA-2013:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
},
{
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
},
{
"name": "RHSA-2013:1319",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
},
{
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
},
{
"name": "52315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52315"
},
{
"name": "https://fedorahosted.org/sssd/ticket/1782",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/sssd/ticket/1782"
},
{
"name": "57539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57539"
},
{
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=884254",
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
},
{
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9",
"refsource": "MISC",
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
},
{
"name": "FEDORA-2013-1826",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a",
"refsource": "MISC",
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
},
{
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37",
"refsource": "MISC",
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
},
{
"url": "http://secunia.com/advisories/51928",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51928"
},
{
"url": "http://secunia.com/advisories/52315",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52315"
},
{
"url": "http://www.securityfocus.com/bid/57539",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57539"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0508",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0508"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1319",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1319"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0219",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0219"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
},
{
"url": "https://fedorahosted.org/sssd/ticket/1782",
"refsource": "MISC",
"name": "https://fedorahosted.org/sssd/ticket/1782"
},
{
"url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
"refsource": "MISC",
"name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0220",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet."
"value": "CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders"
}
]
},
@ -44,68 +21,128 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.9.2-82.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://fedorahosted.org/sssd/ticket/1781",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/sssd/ticket/1781"
},
{
"name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
},
{
"name": "51928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51928"
},
{
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
},
{
"name": "FEDORA-2013-1795",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
},
{
"name": "RHSA-2013:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=884601",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
},
{
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
},
{
"name": "52315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52315"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
},
{
"name": "57539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57539"
"url": "http://secunia.com/advisories/51928",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51928"
},
{
"name": "FEDORA-2013-1826",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
"url": "http://secunia.com/advisories/52315",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52315"
},
{
"url": "http://www.securityfocus.com/bid/57539",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57539"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0508",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0508"
},
{
"url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
"refsource": "MISC",
"name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
},
{
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325",
"refsource": "MISC",
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
},
{
"url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab",
"refsource": "MISC",
"name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0220",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0220"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
},
{
"url": "https://fedorahosted.org/sssd/ticket/1781",
"refsource": "MISC",
"name": "https://fedorahosted.org/sssd/ticket/1781"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
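Review bot: The rewritten description value drops the upstream affected range ("before 1.9.4") that the replaced text carried, so the only version information left in this record is the RHEL 6 fixed build `"version_value": "0:1.9.2-82.el6"` with `"version_affected": "!"`, and a consumer can no longer tell which upstream SSSD releases are vulnerable without following the release-notes link. The reference rewrite also collapses every `refsource` to `MISC` and sets `name` equal to `url`, discarding the advisory identifiers the old entries had (RHSA-2013:0508, FEDORA-2013-1795, FEDORA-2013-1826, BID 57539); if the export tooling can carry them, keeping e.g. `"name": "RHSA-2013:0508"` alongside the URL preserves searchable identifiers. The same flattening appears in the CVE-2013-0310, CVE-2016-3714 and CVE-2016-3716 sections below.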


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0310",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call."
"value": "CVE-2013-0310 kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference"
}
]
},
@ -44,43 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0496",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0496.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0496.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0496.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=912900",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912900"
"url": "https://access.redhat.com/errata/RHSA-2013:0496",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0496"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8"
},
{
"name": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177"
"url": "http://www.openwall.com/lists/oss-security/2013/02/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/20/5"
},
{
"name": "[oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/20/5"
"url": "https://access.redhat.com/security/cve/CVE-2013-0310",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0310"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912900",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=912900"
},
{
"url": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
}
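Review bot: The git.kernel.org reference in the new reference_data has its `;` separators percent-encoded as `%3B`, which makes `a=commit;h=...` part of the `p=` value rather than separate query parameters; the gitweb/cgit front end is unlikely to split on an encoded semicolon, so this link probably no longer resolves to the fixing commit (the replaced entry used literal `;`). The GitHub mirror entry carries the same hash, so the record is still resolvable, but the encoded URL should be restored as `"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177"` and the matching `name` field updated to the same string.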


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3714",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\""
"value": "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
}
]
},
@ -44,163 +21,254 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/security/vulnerabilities/2296071",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/2296071"
},
{
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "CONFIRM",
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name": "openSUSE-SU-2016:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name": "1035742",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035742"
},
{
"name": "https://imagetragick.com/",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "MISC",
"url": "https://imagetragick.com/"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name": "[oss-security] 20160503 ImageMagick Is On Fire -- CVE-2016-3714",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/13"
},
{
"name": "SUSE-SU-2016:1301",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html"
},
{
"name": "openSUSE-SU-2016:1326",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"name": "USN-2990-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"name": "openSUSE-SU-2016:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name": "39767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39767/"
},
{
"name": "SUSE-SU-2016:1260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name": "DSA-3746",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3746"
},
{
"name": "GLSA-201611-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-21"
},
{
"name": "SUSE-SU-2016:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name": "SSA:2016-132-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name": "https://www.imagemagick.org/script/changelog.php",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/script/changelog.php"
},
{
"name": "39791",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39791/"
},
{
"name": "DSA-3580",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3580"
},
{
"name": "89848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89848"
},
{
"name": "RHSA-2016:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
},
{
"name": "VU#250519",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/250519"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html",
"url": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html"
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"url": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"url": "http://www.debian.org/security/2016/dsa-3580",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3580"
},
{
"url": "http://www.debian.org/security/2016/dsa-3746",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3746"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/03/13"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"url": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate",
"refsource": "MISC",
"name": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate"
},
{
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"url": "http://www.securityfocus.com/bid/89848",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/89848"
},
{
"url": "http://www.securitytracker.com/id/1035742",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035742"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
"refsource": "MISC",
"name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"url": "http://www.ubuntu.com/usn/USN-2990-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3714",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3714"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/2296071",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/2296071"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
},
{
"url": "https://imagetragick.com/",
"refsource": "MISC",
"name": "https://imagetragick.com/"
},
{
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-21"
},
{
"url": "https://www.exploit-db.com/exploits/39767/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39767/"
},
{
"url": "https://www.exploit-db.com/exploits/39791/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39791/"
},
{
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "MISC",
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"url": "https://www.imagemagick.org/script/changelog.php",
"refsource": "MISC",
"name": "https://www.imagemagick.org/script/changelog.php"
},
{
"url": "https://www.kb.cert.org/vuls/id/250519",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/250519"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT, SHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
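Review bot: The newly added CVSS 3.0 entry scores this as `AV:L` (local), while the CVSS 2.0 entry in the same `cvss` array says `AV:N` and the new description says "A remote attacker could create a specially crafted image"; the two vectors describe different threat models for the same flaw and a consumer picking the v3 score would read it as a local-only issue. Either the v3 vector should be `CVSS:3.0/AV:N/...` to match the description, or, if the local scoring is deliberate (the attack is against the user running the ImageMagick utility), that reasoning needs to be recorded next to it. Separately, the `work_around` entry uses `"lang": "en"` while every `description` and `problemtype` entry in this record uses `"lang": "eng"`; the same mismatch is present in the CVE-2016-3716 section below, and `"lang": "eng"` would be consistent with the rest of the record.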


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3716",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image."
"value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to move arbitrary files."
}
]
},
@ -44,103 +21,185 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "CONFIRM",
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "openSUSE-SU-2016:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "MISC",
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name": "USN-2990-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2990-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name": "openSUSE-SU-2016:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name": "39767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39767/"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"name": "SUSE-SU-2016:1260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
"url": "http://www.debian.org/security/2016/dsa-3580",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3580"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
"refsource": "MISC",
"name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name": "GLSA-201611-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-21"
"url": "http://www.ubuntu.com/usn/USN-2990-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"name": "SUSE-SU-2016:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"name": "SSA:2016-132-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-21"
},
{
"name": "https://www.imagemagick.org/script/changelog.php",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/script/changelog.php"
"url": "https://www.exploit-db.com/exploits/39767/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39767/"
},
{
"name": "DSA-3580",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3580"
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "MISC",
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name": "RHSA-2016:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
"url": "https://www.imagemagick.org/script/changelog.php",
"refsource": "MISC",
"name": "https://www.imagemagick.org/script/changelog.php"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3716",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3716"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332504",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332504"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
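Review bot: The `work_around` text tells the reader that "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071", but that URL does not appear anywhere in this record's `reference_data`, unlike the CVE-2016-3714 section where it is listed; tooling that only follows references will miss the vendor article that the workaround depends on. Adding `{ "url": "https://access.redhat.com/security/vulnerabilities/2296071", "refsource": "MISC", "name": "https://access.redhat.com/security/vulnerabilities/2296071" }` to `reference_data` would close the gap.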


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3717",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image."
"value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files."
}
]
},
@ -44,108 +21,190 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "CONFIRM",
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "openSUSE-SU-2016:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "MISC",
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name": "openSUSE-SU-2016:1326",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name": "USN-2990-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2990-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"name": "39767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39767/"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"name": "SUSE-SU-2016:1260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
"url": "http://www.debian.org/security/2016/dsa-3580",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3580"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
"refsource": "MISC",
"name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name": "GLSA-201611-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-21"
"url": "http://www.ubuntu.com/usn/USN-2990-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"name": "SUSE-SU-2016:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"name": "SSA:2016-132-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-21"
},
{
"name": "https://www.imagemagick.org/script/changelog.php",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/script/changelog.php"
"url": "https://www.exploit-db.com/exploits/39767/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39767/"
},
{
"name": "DSA-3580",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3580"
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "MISC",
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name": "RHSA-2016:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
"url": "https://www.imagemagick.org/script/changelog.php",
"refsource": "MISC",
"name": "https://www.imagemagick.org/script/changelog.php"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3717",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3717"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332505",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332505"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
]
}
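Review bot: The rewritten description for CVE-2016-3717 drops the upstream boundary the removed text carried ("ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1"), and the new `affects` block lists only Red Hat fixed builds marked `"version_affected": "!"`, so the record no longer says which upstream releases are vulnerable; keep that range in the description or add upstream entries under `affects`. The reference rewrite also replaces advisory identifiers such as `"name": "RHSA-2016:0726"`, `"name": "DSA-3580"` and `"name": "USN-2990-1"` with a copy of the URL and sets every `refsource` to `"MISC"`, which loses the distributor tagging consumers filter on. The same two points apply to the CVE-2016-3718 and CVE-2016-4020 sections below. Minor: `work_around` uses `"lang": "en"` while `description` and `problemtype` use `"lang": "eng"` in the same document.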


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3718",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
"value": "A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images."
}
]
},
@ -44,108 +21,190 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:6.7.2.7-4.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.7.8.9-13.el7_2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "CONFIRM",
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "openSUSE-SU-2016:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "MISC",
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name": "openSUSE-SU-2016:1326",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name": "USN-2990-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2990-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"name": "39767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39767/"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"name": "SUSE-SU-2016:1260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
"url": "http://www.debian.org/security/2016/dsa-3580",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3580"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
"refsource": "MISC",
"name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name": "GLSA-201611-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-21"
"url": "http://www.ubuntu.com/usn/USN-2990-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"name": "SUSE-SU-2016:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
"url": "https://access.redhat.com/errata/RHSA-2016:0726",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
"name": "SSA:2016-132-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
"url": "https://security.gentoo.org/glsa/201611-21",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-21"
},
{
"name": "https://www.imagemagick.org/script/changelog.php",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/script/changelog.php"
"url": "https://www.exploit-db.com/exploits/39767/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39767/"
},
{
"name": "DSA-3580",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3580"
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "MISC",
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name": "RHSA-2016:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
"url": "https://www.imagemagick.org/script/changelog.php",
"refsource": "MISC",
"name": "https://www.imagemagick.org/script/changelog.php"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-3718",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-3718"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332802",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332802"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\n\nwithin the policy map stanza:\n\n<policymap>\n...\n</policymap>\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
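Review bot: The new problemtype for CVE-2016-3718 classifies the flaw as `"value": "Cross-Site Request Forgery (CSRF)"` with `"cweId": "CWE-352"`, but both the removed and the new description describe server-side request forgery (the HTTP and FTP coders being made to issue requests or open sessions), which is a different weakness. CSRF is a browser-side confused-deputy problem and does not describe an image library making outbound connections; the entry should carry the SSRF weakness, `"value": "Server-Side Request Forgery (SSRF)", "cweId": "CWE-918"`. Tagging it as CWE-352 will skew any CWE-based triage or trend reporting built on this record.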


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4020",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)."
"value": "An information-exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory."
}
]
},
@ -44,68 +21,220 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-141.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=691a02e2ce0c413236a78dee6f2651c937b09fb0",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=691a02e2ce0c413236a78dee6f2651c937b09fb0"
"url": "http://www.ubuntu.com/usn/USN-2974-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160407 [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "86067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86067"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[qemu-devel] 20160407 Re: [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://www.securityfocus.com/bid/86067",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/86067"
},
{
"name": "USN-2974-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2974-1"
"url": "https://access.redhat.com/errata/RHSA-2017:1856",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1856"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://access.redhat.com/security/cve/CVE-2016-4020",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4020"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686"
},
{
"name": "RHSA-2017:1856",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Donghai Zdh (Alibaba Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
]
}
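Review bot: The QEMU commit reference in the CVE-2016-4020 section is now written as `http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0`, with the `;` parameter separators percent-encoded as `%3B`, whereas the removed entry had them literal. gitweb splits its query string on `;`, so the encoded form is likely to be read as a single `p` value and fail to resolve to the commit; keep the original `url`/`name` string from the removed entry unless the encoded link has been verified to work.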


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4451",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization."
"value": "It was found that Satellite 6 did not properly enforce access controls on certain resources. An attacker, with access to the API and knowledge of the ID name, can potentially access other resources in other organizations."
}
]
},
@ -44,33 +21,369 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.14-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.34-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:201801241201-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.4-1",
"version_affected": "!"
},
{
"version_value": "1:1.15.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.6.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.26-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.13.4.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.5-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.9-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0-23.0.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.3.0.12-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.1.1.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:10.0.2.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:9.1.5.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.0.3-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.14-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.11-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.7.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.6.4-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.8-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.4.16-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.9-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.5-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.4.5.58-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.fm1_15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.10-1.fm1_15.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0336",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0336"
"url": "https://access.redhat.com/errata/RHSA-2018:0336",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
"name": "https://theforeman.org/security.html#2016-4451",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-4451"
"url": "http://projects.theforeman.org/issues/15182",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/15182"
},
{
"name": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c"
"url": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c",
"refsource": "MISC",
"name": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c"
},
{
"name": "http://projects.theforeman.org/issues/15182",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/15182"
"url": "https://access.redhat.com/security/cve/CVE-2016-4451",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4451"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889"
},
{
"url": "https://theforeman.org/security.html#2016-4451",
"refsource": "MISC",
"name": "https://theforeman.org/security.html#2016-4451"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Marek Hul\u00e1n (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
]
}
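Review bot: The new `affects` block for "Red Hat Satellite 6.3 for RHEL 7" lists only fixed package NEVRAs with `"version_affected": "!"`, and the replacement description drops the upstream range the removed text carried (Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1), so nothing left in the record tells a consumer which versions are vulnerable. The same pattern appears in the CVE-2016-4457 section (the removed text said "before 5.8") and the CVE-2016-4475 section (the removed text said "before 1.11.4 and 1.12.x before 1.12.0-RC3"). The cheapest repair that needs no schema change is to keep the range in the description, e.g. `"value": "It was found that Satellite 6 (Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1) did not properly enforce access controls on certain resources. ..."`; if this repository also accepts the 4.0 schema's range qualifiers next to `"!"`, an affected-version entry would be better still. Separately, every reference now has `"refsource": "MISC"` with `name` duplicating `url`, so the erratum identifier the removed entry kept as its name (`RHSA-2018:0336`) and the `REDHAT`/`CONFIRM` source types are only recoverable by parsing the URL; this also holds for the CVE-2016-4457, CVE-2016-4463 and CVE-2016-4475 sections.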


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4457",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate."
"value": "CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key allowing for future attacks."
}
]
},
@ -44,33 +21,307 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.7",
"version": {
"version_data": [
{
"version_value": "0:5.7.3.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:4.1.5-1.el7cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "CloudForms Management Engine 5.8",
"version": {
"version_data": [
{
"version_value": "0:2.2.1.0-2.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:0.1.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:5.8.0.17-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:19.0.4-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.17-23.el7",
"version_affected": "!"
},
{
"version_value": "0:0.42.0-4.el7",
"version_affected": "!"
},
{
"version_value": "1:1.10.2-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.4.11-2PGDG.el7at",
"version_affected": "!"
},
{
"version_value": "0:9.0r2-10.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-7.el7",
"version_affected": "!"
},
{
"version_value": "0:0.11-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.1-2.1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.71c-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.6.10-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.15.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-1.1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.6.5-1.el7at",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.1.10-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-6.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.9.8-4.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.7.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.2-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.2.1-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.8-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:4.1.5-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.18.2-5.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.7-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:3.3.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.25.0-b10.2.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.0-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.7.1-3.el7cf",
"version_affected": "!"
},
{
"version_value": "0:0.6.3-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.4-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:1.06-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.14-7.el7cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1601",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1601"
"url": "http://www.securitytracker.com/id/1038599",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038599"
},
{
"name": "RHSA-2017:1367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1367"
"url": "https://access.redhat.com/errata/RHSA-2017:1367",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1367"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308"
"url": "https://access.redhat.com/errata/RHSA-2017:1601",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1601"
},
{
"name": "1038599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038599"
"url": "https://access.redhat.com/security/cve/CVE-2016-4457",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4457"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Simon Lukasik (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4463",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD."
"value": "A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data."
}
]
},
@ -44,88 +21,184 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.1.1-9.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.1.1-8.el7_4.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.1.1-8.el7_5.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://issues.apache.org/jira/browse/XERCESC-2069",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/XERCESC-2069"
},
{
"name": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069"
},
{
"name": "RHSA-2018:3335",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3335"
},
{
"name": "DSA-3610",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3610"
},
{
"name": "1036211",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036211"
},
{
"name": "openSUSE-SU-2016:2232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "RHSA-2018:3506",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3506"
},
{
"name": "RHSA-2018:3514",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3514"
},
{
"name": "91501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91501"
},
{
"name": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
},
{
"name": "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
},
{
"name": "openSUSE-SU-2016:1808",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
},
{
"url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
},
{
"url": "http://www.securityfocus.com/bid/91501",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91501"
},
{
"url": "http://www.securitytracker.com/id/1036211",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036211"
},
{
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt",
"refsource": "MISC",
"name": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:3335",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3335"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:3506",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3506"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:3514",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3514"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4463",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4463"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845"
},
{
"url": "https://issues.apache.org/jira/browse/XERCESC-2069",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/XERCESC-2069"
},
{
"url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069"
},
{
"url": "https://www.debian.org/security/2016/dsa-3610",
"refsource": "MISC",
"name": "https://www.debian.org/security/2016/dsa-3610"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
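Review bot: The new problemtype entry `"value": "Stack-based Buffer Overflow", "cweId": "CWE-121"` does not match the replacement description in the same file, which calls this a stack exhaustion flaw triggered by deeply nested DTDs; exhausting the stack through unbounded nesting is uncontrolled recursion (CWE-674), not a write past a stack buffer. Both CVSS vectors in the new `impact` block score availability only (`C:N/I:N/A:P` and `C:N/I:N/A:H`), which agrees with the crash described rather than with a memory-corruption class. Consumers that triage by CWE will treat CWE-121 as a potential code-execution primitive, so the two fields should agree. If the recursion reading is the intended one, the entry should read `"value": "Uncontrolled Recursion", "cweId": "CWE-674"`; if the overflow classification is deliberate, the description should say what is overwritten.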


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4475",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors."
"value": "It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to."
}
]
},
@ -44,38 +21,181 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.2 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:1.11.0.51-1.el6sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.10-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.4-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.1-1.2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.25-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.70-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 6.2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:1.11.0.51-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.1-1.2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.25-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.70-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://theforeman.org/security.html#2016-4475",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-4475"
"url": "http://projects.theforeman.org/issues/15268",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/15268"
},
{
"name": "http://projects.theforeman.org/issues/15268",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/15268"
"url": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9",
"refsource": "MISC",
"name": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9"
},
{
"name": "RHBA-2016:1615",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2016:1615"
"url": "http://www.securityfocus.com/bid/92125",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92125"
},
{
"name": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9"
"url": "https://access.redhat.com/errata/RHBA-2016:1615",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2016:1615"
},
{
"name": "92125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92125"
"url": "https://access.redhat.com/security/cve/CVE-2016-4475",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4475"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439"
},
{
"url": "https://theforeman.org/security.html#2016-4475",
"refsource": "MISC",
"name": "https://theforeman.org/security.html#2016-4475"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4581",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls."
"value": "CVE-2016-4581 kernel: Slave being first propagated copy causes oops in propagate_mnt"
}
]
},
@ -44,123 +21,198 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.rt56.420.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
"url": "http://www.debian.org/security/2016/dsa-3607",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
"url": "http://www.ubuntu.com/usn/USN-2989-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "90607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90607"
"url": "http://www.ubuntu.com/usn/USN-2998-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
"url": "http://www.ubuntu.com/usn/USN-3000-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"url": "http://www.ubuntu.com/usn/USN-3001-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
"url": "http://www.ubuntu.com/usn/USN-3002-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
"url": "http://www.ubuntu.com/usn/USN-3003-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
"url": "http://www.ubuntu.com/usn/USN-3004-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
"url": "http://www.ubuntu.com/usn/USN-3005-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
"url": "http://www.ubuntu.com/usn/USN-3006-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
"url": "http://www.ubuntu.com/usn/USN-3007-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
"url": "https://access.redhat.com/errata/RHSA-2016:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
"url": "https://access.redhat.com/errata/RHSA-2016:2584",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2584"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f"
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f"
},
{
"name": "[oss-security] 20160511 CVE request: Mishandling the first propagated copy being a slave",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/11/2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
"url": "http://www.openwall.com/lists/oss-security/2016/05/11/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/05/11/2"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
"url": "http://www.securityfocus.com/bid/90607",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90607"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-4581",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4581"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712"
},
{
"url": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Eric W. Biederman (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4985",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."
"value": "An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses."
}
]
},
@ -44,48 +21,139 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.2-4.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "1:4.2.5-1.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://review.openstack.org/332197",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/332197"
"url": "http://www.openwall.com/lists/oss-security/2016/06/21/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/06/21/6"
},
{
"name": "https://bugs.launchpad.net/ironic/+bug/1572796",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ironic/+bug/1572796"
"url": "https://access.redhat.com/errata/RHSA-2016:1377",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1377"
},
{
"name": "[oss-security] 20160621 Ironic node information including credentials exposed to unathenticated users",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/21/6"
"url": "https://access.redhat.com/errata/RHSA-2016:1378",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1378"
},
{
"name": "https://review.openstack.org/332195",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/332195"
"url": "https://access.redhat.com/security/cve/CVE-2016-4985",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-4985"
},
{
"name": "RHSA-2016:1378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1378"
"url": "https://bugs.launchpad.net/ironic/+bug/1572796",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ironic/+bug/1572796"
},
{
"name": "RHSA-2016:1377",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1377"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193"
},
{
"name": "https://review.openstack.org/332196",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/332196"
"url": "https://review.openstack.org/332195",
"refsource": "MISC",
"name": "https://review.openstack.org/332195"
},
{
"url": "https://review.openstack.org/332196",
"refsource": "MISC",
"name": "https://review.openstack.org/332196"
},
{
"url": "https://review.openstack.org/332197",
"refsource": "MISC",
"name": "https://review.openstack.org/332197"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
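Review bot: The rewritten reference_data in the second hunk replaces every typed refsource (CONFIRM, MLIST, REDHAT) with `MISC` and sets `name` to a copy of `url`, so human-readable labels such as `RHSA-2016:1378` and the oss-security subject line are lost; the same flattening appears in the CVE-2016-5003, CVE-2016-5432 and CVE-2016-7466 sections below. Consumers that key on refsource to pick out vendor advisories will now see only MISC, which is worth stating in the commit description if the sync cannot preserve the classification. The new affects block lists only fixed Red Hat builds (every entry has `"version_affected": "!"`), and the upstream affected range the replaced description carried (Ironic before 4.2.5 and 5.x before 5.1.2) no longer appears anywhere in the record; carrying it in the description or as an additional product entry would keep the record self-contained.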


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5003",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element."
"value": "A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element."
}
]
},
@ -44,78 +21,225 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.0-4.17.el6_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-9.el7_5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-8.16.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:3.1.3-9.el7_5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160712 Vulnerabilities in Apache Archiva",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/12/5"
},
{
"name": "RHSA-2018:1779",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1779"
},
{
"name": "RHSA-2018:1784",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1784"
},
{
"name": "91738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91738"
},
{
"name": "RHSA-2018:2317",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2317"
},
{
"name": "1036294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036294"
},
{
"name": "RHSA-2018:1780",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1780"
},
{
"name": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html",
"url": "http://www.openwall.com/lists/oss-security/2016/07/12/5",
"refsource": "MISC",
"url": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html"
"name": "http://www.openwall.com/lists/oss-security/2016/07/12/5"
},
{
"name": "apache-archiva-cve20165003-code-exec(115043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043"
"url": "http://www.securityfocus.com/bid/91736",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91736"
},
{
"name": "91736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91736"
"url": "http://www.securitytracker.com/id/1036294",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036294"
},
{
"name": "RHSA-2018:3768",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
"url": "https://access.redhat.com/errata/RHSA-2018:3768",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization",
"url": "http://www.openwall.com/lists/oss-security/2020/01/16/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/16/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/16/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization",
"url": "http://www.openwall.com/lists/oss-security/2020/01/24/2"
"url": "http://www.openwall.com/lists/oss-security/2020/01/24/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/24/2"
},
{
"url": "http://www.securityfocus.com/bid/91738",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91738"
},
{
"url": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html",
"refsource": "MISC",
"name": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:1779",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1779"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:1780",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1780"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:1784",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1784"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:2317",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2317"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-5003",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5003"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508123",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1508123"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Setting enabledForExtensions is false by default, thus <ex:serializable> elements are not automatically deserialized. However, if you have it enabled and you don't need any of the provided functions (https://ws.apache.org/xmlrpc/extensions.html) we suggest you disable it."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
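Review bot: The new description in the first hunk drops the affected upstream version that the replaced text carried (ws-xmlrpc 3.1.3), and the affects block in the second hunk records only fixed Red Hat builds with `"version_affected": "!"`, so the record no longer states which upstream releases are vulnerable. The `work_around` entry opens with `Setting enabledForExtensions is false by default`, which reads as if "Setting" were a verb; `The enabledForExtensions setting is false by default` would be unambiguous, though this may be verbatim upstream advisory text. The CVSS 3.0 vector and base score (`AC:H/PR:L` with `C:H/I:H/A:H` → 7.5) are internally consistent.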


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5432",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files."
"value": "It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the \u201c\u2014provision*db\u201d options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords."
}
]
},
@ -44,33 +21,113 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Engine version 4.0",
"version": {
"version_data": [
{
"version_value": "0:4.0.4.4-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
"refsource": "CONFIRM",
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"name": "RHSA-2016:1967",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
"url": "http://www.securityfocus.com/bid/92694",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92694"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
"url": "https://access.redhat.com/errata/RHSA-2016:1967",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1967"
},
{
"name": "92694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92694"
"url": "https://access.redhat.com/security/cve/CVE-2016-5432",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-5432"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
"refsource": "MISC",
"name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Yedidyah Bar David (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
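Review bot: The new description in the first hunk renders the option prefix as curly quotes around an em dash, `\u201c\u2014provision*db\u201d`, which displays as “—provision*db”; if the utility's options are the double-hyphen form (`--provision*db`), smart-punctuation conversion has altered an identifier readers will search for, and plain ASCII `\"--provision*db\"` would avoid that. Separately, both CVSS vectors use a network access vector (`AV:N/AC:M/Au:N/C:P/I:N/A:N` and `CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`) while the description's precondition is read access to log files and the replaced text said local users; that looks inconsistent, though it is the assigner's scoring and may be intentional.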


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7466",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device."
"value": "A memory-leak flaw was found in the Quick Emulator(QEMU) built with USB xHCI controller emulation support. The flaw could occur while doing a USB-device unplug operation. Unplugging the device repeatedly resulted in leaking host memory, which affected other services on the host. A privileged user inside the guest could exploit this flaw to cause a denial of service on the host or potentially crash the host's QEMU process instance."
}
]
},
@ -44,58 +21,204 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160920 CVE Request Qemu: usb: xhci memory leakage during device unplug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/19/8"
"url": "https://access.redhat.com/errata/RHSA-2017:2392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[oss-security] 20160920 Re: CVE Request Qemu: usb: xhci memory leakage during device unplug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/20/3"
"url": "https://access.redhat.com/errata/RHSA-2017:2408",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93029"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "http://www.openwall.com/lists/oss-security/2016/09/19/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/09/19/8"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e"
"url": "http://www.openwall.com/lists/oss-security/2016/09/20/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/09/20/3"
},
{
"name": "[qemu-devel] 20160913 [PATCH v2] usb:xhci:fix memory leak in usb_xhci_exit",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html"
"url": "http://www.securityfocus.com/bid/93029",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93029"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
"url": "https://access.redhat.com/security/cve/CVE-2016-7466",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-7466"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377837",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1377837"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Li Qiang (360.cn Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}
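Review bot: The problemtype in the second hunk assigns `"cweId": "CWE-119"` (buffer-bounds restriction) to what the description and the referenced patch title describe as a memory leak in usb_xhci_exit; CWE-401 (Missing Release of Memory after Effective Lifetime) is the matching weakness, so the classification looks wrong rather than merely imprecise. The git.qemu.org reference now has its `;` separators percent-encoded (`%3Ba=commit%3Bh=`) where the replaced entry used literal semicolons; gitweb splits query parameters on the literal character, so the encoded form may no longer resolve to the commit and is worth verifying before it replaces the working link.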