diff --git a/2013/0xxx/CVE-2013-0162.json b/2013/0xxx/CVE-2013-0162.json
index f97125815db..b0baa84e749 100644
--- a/2013/0xxx/CVE-2013-0162.json
+++ b/2013/0xxx/CVE-2013-0162.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0162",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
+ "value": "CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage"
}
]
},
@@ -44,28 +21,324 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Insecure Temporary File",
+ "cweId": "CWE-377"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CloudForms for RHEL 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.0.10-10.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.1.4-3.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5.0-0.9.beta4.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.3.0-3.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.5.5-2.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.8-6.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.6.1-7.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.4-6.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.11.3-5.el6cf",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Subscription Asset Manager 1.2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:1.7-2.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6-4_redhat_1.ep6.el6.1",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.7.23-1.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.19.9-5.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.1-15h.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.1-1h.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.1-12h.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.3-3h.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.1-2h.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.6.1-10h.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.6.17-2.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.1.5-4.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:3.0.10-10.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.12-2.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.3-1.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.3.0-3.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.3.0-3.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.4-6.el6cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.5-0.12.git58097d9h.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.4-2.el6_3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.28-1.el6_3",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "RHEL 6 Version of OpenShift Enterprise",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.26.0-10.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.16-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.11-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.15-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.4-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.13-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.5-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.3-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.7-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.8-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.3.3-22.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.9.3.327-25.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:3.2.8-3.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.2.8-2.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.3.1-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:3.0.13-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.13-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:3.0.13-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.8.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.10-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.12-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.4-6.el6op",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=892806",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html",
"refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806"
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
- "name": "RHSA-2013:0548",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
},
{
- "name": "RHSA-2013:0544",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
+ "url": "https://access.redhat.com/errata/RHSA-2013:0544",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0544"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2013:0548",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0548"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2013:0582",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0582"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2013-0162",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2013-0162"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=892806"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "LOW",
+ "accessVector": "LOCAL",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 2.1,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
+ "version": "2.0"
}
]
}
diff --git a/2013/0xxx/CVE-2013-0170.json b/2013/0xxx/CVE-2013-0170.json
index 456b43b6440..7c9cb3520b4 100644
--- a/2013/0xxx/CVE-2013-0170.json
+++ b/2013/0xxx/CVE-2013-0170.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0170",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue."
+ "value": "CVE-2013-0170 libvirt: use-after-free in virNetMessageFree()"
}
]
},
@@ -44,103 +21,163 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Use After Free",
+ "cweId": "CWE-416"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:0.9.10-21.el6_3.8",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "FEDORA-2013-1626",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
},
{
- "name": "openSUSE-SU-2013:0275",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
+ "url": "http://www.ubuntu.com/usn/USN-1708-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1708-1"
},
{
- "name": "89644",
- "refsource": "OSVDB",
- "url": "http://osvdb.org/89644"
+ "url": "http://libvirt.org/news.html",
+ "refsource": "MISC",
+ "name": "http://libvirt.org/news.html"
},
{
- "name": "http://libvirt.org/news.html",
- "refsource": "CONFIRM",
- "url": "http://libvirt.org/news.html"
+ "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720",
+ "refsource": "MISC",
+ "name": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
},
{
- "name": "libvirt-virnetmessagefree-code-exec(81552)",
- "refsource": "XF",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
},
{
- "name": "openSUSE-SU-2013:0274",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
},
{
- "name": "SUSE-SU-2013:0320",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
},
{
- "name": "FEDORA-2013-1644",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
},
{
- "name": "http://wiki.libvirt.org/page/Maintenance_Releases",
- "refsource": "CONFIRM",
- "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
},
{
- "name": "1028047",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1028047"
+ "url": "http://osvdb.org/89644",
+ "refsource": "MISC",
+ "name": "http://osvdb.org/89644"
},
{
- "name": "USN-1708-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1708-1"
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
},
{
- "name": "FEDORA-2013-1642",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
+ "url": "http://secunia.com/advisories/52001",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/52001"
},
{
- "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720",
- "refsource": "CONFIRM",
- "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
+ "url": "http://secunia.com/advisories/52003",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/52003"
},
{
- "name": "52001",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/52001"
+ "url": "http://wiki.libvirt.org/page/Maintenance_Releases",
+ "refsource": "MISC",
+ "name": "http://wiki.libvirt.org/page/Maintenance_Releases"
},
{
- "name": "RHSA-2013:0199",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
+ "url": "http://www.securityfocus.com/bid/57578",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/57578"
},
{
- "name": "57578",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/57578"
+ "url": "http://www.securitytracker.com/id/1028047",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1028047"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=893450",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
+ "url": "https://access.redhat.com/errata/RHSA-2013:0199",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0199"
},
{
- "name": "52003",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/52003"
+ "url": "https://access.redhat.com/security/cve/CVE-2013-0170",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2013-0170"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "HIGH",
+ "accessVector": "ADJACENT_NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "COMPLETE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 6.8,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "COMPLETE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "COMPLETE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
+ "version": "2.0"
}
]
}
diff --git a/2013/0xxx/CVE-2013-0200.json b/2013/0xxx/CVE-2013-0200.json
index 7a952e8e6de..9c75de2bb0d 100644
--- a/2013/0xxx/CVE-2013-0200.json
+++ b/2013/0xxx/CVE-2013-0200.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0200",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722."
+ "value": "CVE-2013-0200 hplip: insecure temporary file handling flaws"
}
]
},
@@ -44,53 +21,113 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Insecure Temporary File",
+ "cweId": "CWE-377"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.12.4-4.el6",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "55083",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/55083"
- },
- {
- "name": "USN-1981-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1981-1"
- },
- {
- "name": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm",
- "refsource": "CONFIRM",
- "url": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=902163",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902163"
- },
- {
- "name": "DSA-2829",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2013/dsa-2829"
- },
- {
- "name": "MDVSA-2013:088",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088"
- },
- {
- "name": "http://hplipopensource.com/hplip-web/release_notes.html",
+ "url": "http://www.debian.org/security/2013/dsa-2829",
"refsource": "MISC",
- "url": "http://hplipopensource.com/hplip-web/release_notes.html"
+ "name": "http://www.debian.org/security/2013/dsa-2829"
},
{
- "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072",
- "refsource": "CONFIRM",
- "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072"
+ "url": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm",
+ "refsource": "MISC",
+ "name": "ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm"
+ },
+ {
+ "url": "http://hplipopensource.com/hplip-web/release_notes.html",
+ "refsource": "MISC",
+ "name": "http://hplipopensource.com/hplip-web/release_notes.html"
+ },
+ {
+ "url": "http://secunia.com/advisories/55083",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/55083"
+ },
+ {
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:088"
+ },
+ {
+ "url": "http://www.ubuntu.com/usn/USN-1981-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1981-1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2013:0500",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0500"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2013-0200",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2013-0200"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902163",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=902163"
+ },
+ {
+ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072",
+ "refsource": "MISC",
+ "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "LOCAL",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 1.9,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
+ "version": "2.0"
}
]
}
diff --git a/2013/0xxx/CVE-2013-0212.json b/2013/0xxx/CVE-2013-0212.json
index 7f89b4e937c..2093c23c409 100644
--- a/2013/0xxx/CVE-2013-0212.json
+++ b/2013/0xxx/CVE-2013-0212.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0212",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
+ "value": "CVE-2013-0212 openstack-glance: Backend password leak in Glance error message"
}
]
},
@@ -44,73 +21,133 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Generation of Error Message Containing Sensitive Information",
+ "cweId": "CWE-209"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenStack Folsom for RHEL 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2012.2.1-4.el6ost",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1",
- "refsource": "CONFIRM",
- "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
- },
- {
- "name": "[openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
- "refsource": "MLIST",
- "url": "https://lists.launchpad.net/openstack/msg20517.html"
- },
- {
- "name": "USN-1710-1",
- "refsource": "UBUNTU",
- "url": "http://ubuntu.com/usn/usn-1710-1"
- },
- {
- "name": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7",
- "refsource": "CONFIRM",
- "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
- },
- {
- "name": "https://bugs.launchpad.net/glance/+bug/1098962",
- "refsource": "CONFIRM",
- "url": "https://bugs.launchpad.net/glance/+bug/1098962"
- },
- {
- "name": "https://launchpad.net/glance/+milestone/2012.2.3",
- "refsource": "CONFIRM",
- "url": "https://launchpad.net/glance/+milestone/2012.2.3"
- },
- {
- "name": "[oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=902964",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html",
"refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
},
{
- "name": "RHSA-2013:0209",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
+ "url": "http://secunia.com/advisories/51957",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/51957"
},
{
- "name": "51990",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/51990"
+ "url": "http://secunia.com/advisories/51990",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/51990"
},
{
- "name": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89",
- "refsource": "CONFIRM",
- "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
+ "url": "http://ubuntu.com/usn/usn-1710-1",
+ "refsource": "MISC",
+ "name": "http://ubuntu.com/usn/usn-1710-1"
},
{
- "name": "51957",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/51957"
+ "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2013:0209",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0209"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2013-0212",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2013-0212"
+ },
+ {
+ "url": "https://bugs.launchpad.net/glance/+bug/1098962",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/glance/+bug/1098962"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
+ },
+ {
+ "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7",
+ "refsource": "MISC",
+ "name": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
+ },
+ {
+ "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1",
+ "refsource": "MISC",
+ "name": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
+ },
+ {
+ "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89",
+ "refsource": "MISC",
+ "name": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
+ },
+ {
+ "url": "https://launchpad.net/glance/+milestone/2012.2.3",
+ "refsource": "MISC",
+ "name": "https://launchpad.net/glance/+milestone/2012.2.3"
+ },
+ {
+ "url": "https://lists.launchpad.net/openstack/msg20517.html",
+ "refsource": "MISC",
+ "name": "https://lists.launchpad.net/openstack/msg20517.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "LOW",
+ "accessVector": "NETWORK",
+ "authentication": "SINGLE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
+ "version": "2.0"
}
]
}
diff --git a/2013/0xxx/CVE-2013-0219.json b/2013/0xxx/CVE-2013-0219.json
index e554e76df66..4a7427c7957 100644
--- a/2013/0xxx/CVE-2013-0219.json
+++ b/2013/0xxx/CVE-2013-0219.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0219",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files."
+ "value": "CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees"
}
]
},
@@ -44,83 +21,159 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Time-of-check Time-of-use (TOCTOU) Race Condition",
+ "cweId": "CWE-367"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 5",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:1.5.1-70.el5",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:1.9.2-82.el6",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
- "refsource": "CONFIRM",
- "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
- },
- {
- "name": "51928",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/51928"
- },
- {
- "name": "FEDORA-2013-1795",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
- },
- {
- "name": "RHSA-2013:0508",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
- },
- {
- "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a",
- "refsource": "CONFIRM",
- "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
- },
- {
- "name": "RHSA-2013:1319",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
- },
- {
- "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047",
- "refsource": "CONFIRM",
- "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
- },
- {
- "name": "52315",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/52315"
- },
- {
- "name": "https://fedorahosted.org/sssd/ticket/1782",
- "refsource": "CONFIRM",
- "url": "https://fedorahosted.org/sssd/ticket/1782"
- },
- {
- "name": "57539",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/57539"
- },
- {
- "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9",
- "refsource": "CONFIRM",
- "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884254",
+ "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047",
"refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
+ "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
},
{
- "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37",
- "refsource": "CONFIRM",
- "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
+ "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9",
+ "refsource": "MISC",
+ "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
},
{
- "name": "FEDORA-2013-1826",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
+ "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a",
+ "refsource": "MISC",
+ "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
+ },
+ {
+ "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37",
+ "refsource": "MISC",
+ "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
+ },
+ {
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
+ },
+ {
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
+ },
+ {
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
+ },
+ {
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
+ },
+ {
+ "url": "http://secunia.com/advisories/51928",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/51928"
+ },
+ {
+ "url": "http://secunia.com/advisories/52315",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/52315"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/57539",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/57539"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2013:0508",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0508"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2013:1319",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:1319"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2013-0219",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2013-0219"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
+ },
+ {
+ "url": "https://fedorahosted.org/sssd/ticket/1782",
+ "refsource": "MISC",
+ "name": "https://fedorahosted.org/sssd/ticket/1782"
+ },
+ {
+ "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
+ "refsource": "MISC",
+ "name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "HIGH",
+ "accessVector": "LOCAL",
+ "authentication": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 3.7,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
+ "version": "2.0"
}
]
}
diff --git a/2013/0xxx/CVE-2013-0220.json b/2013/0xxx/CVE-2013-0220.json
index 94884a0fd53..05903d273e3 100644
--- a/2013/0xxx/CVE-2013-0220.json
+++ b/2013/0xxx/CVE-2013-0220.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0220",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet."
+ "value": "CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders"
}
]
},
@@ -44,68 +21,128 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Out-of-bounds Read",
+ "cweId": "CWE-125"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:1.9.2-82.el6",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://fedorahosted.org/sssd/ticket/1781",
- "refsource": "CONFIRM",
- "url": "https://fedorahosted.org/sssd/ticket/1781"
- },
- {
- "name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
- "refsource": "CONFIRM",
- "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
- },
- {
- "name": "51928",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/51928"
- },
- {
- "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab",
- "refsource": "CONFIRM",
- "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
- },
- {
- "name": "FEDORA-2013-1795",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
- },
- {
- "name": "RHSA-2013:0508",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884601",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html",
"refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
},
{
- "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325",
- "refsource": "CONFIRM",
- "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
},
{
- "name": "52315",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/52315"
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
},
{
- "name": "57539",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/57539"
+ "url": "http://secunia.com/advisories/51928",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/51928"
},
{
- "name": "FEDORA-2013-1826",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
+ "url": "http://secunia.com/advisories/52315",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/52315"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/57539",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/57539"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2013:0508",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0508"
+ },
+ {
+ "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4",
+ "refsource": "MISC",
+ "name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
+ },
+ {
+ "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325",
+ "refsource": "MISC",
+ "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
+ },
+ {
+ "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab",
+ "refsource": "MISC",
+ "name": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2013-0220",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2013-0220"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
+ },
+ {
+ "url": "https://fedorahosted.org/sssd/ticket/1781",
+ "refsource": "MISC",
+ "name": "https://fedorahosted.org/sssd/ticket/1781"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "LOW",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 5,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+ "version": "2.0"
}
]
}
diff --git a/2013/0xxx/CVE-2013-0310.json b/2013/0xxx/CVE-2013-0310.json
index 954e9807678..f7e1db69781 100644
--- a/2013/0xxx/CVE-2013-0310.json
+++ b/2013/0xxx/CVE-2013-0310.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0310",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call."
+ "value": "CVE-2013-0310 kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference"
}
]
},
@@ -44,43 +21,103 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "NULL Pointer Dereference",
+ "cweId": "CWE-476"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.6.32-358.el6",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2013:0496",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0496.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0496.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0496.html"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=912900",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912900"
+ "url": "https://access.redhat.com/errata/RHSA-2013:0496",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2013:0496"
},
{
- "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177"
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177"
},
{
- "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8"
+ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8"
},
{
- "name": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177"
+ "url": "http://www.openwall.com/lists/oss-security/2013/02/20/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/02/20/5"
},
{
- "name": "[oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/02/20/5"
+ "url": "https://access.redhat.com/security/cve/CVE-2013-0310",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2013-0310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912900",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=912900"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "LOCAL",
+ "authentication": "SINGLE",
+ "availabilityImpact": "COMPLETE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.4,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
+ "version": "2.0"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3714.json b/2016/3xxx/CVE-2016-3714.json
index e67d0e323f4..dd11a992f83 100644
--- a/2016/3xxx/CVE-2016-3714.json
+++ b/2016/3xxx/CVE-2016-3714.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3714",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\""
+ "value": "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
}
]
},
@@ -44,163 +21,254 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Improper Input Validation",
+ "cweId": "CWE-20"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.2.7-4.el6_7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.8.9-13.el7_2",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://access.redhat.com/security/vulnerabilities/2296071",
- "refsource": "CONFIRM",
- "url": "https://access.redhat.com/security/vulnerabilities/2296071"
- },
- {
- "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
- "refsource": "CONFIRM",
- "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
- },
- {
- "name": "openSUSE-SU-2016:1266",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
- },
- {
- "name": "1035742",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1035742"
- },
- {
- "name": "https://imagetragick.com/",
+ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "MISC",
- "url": "https://imagetragick.com/"
+ "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
- },
- {
- "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
- },
- {
- "name": "[oss-security] 20160503 ImageMagick Is On Fire -- CVE-2016-3714",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/03/13"
- },
- {
- "name": "SUSE-SU-2016:1301",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html"
- },
- {
- "name": "openSUSE-SU-2016:1326",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
- },
- {
- "name": "USN-2990-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2990-1"
- },
- {
- "name": "openSUSE-SU-2016:1261",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
- },
- {
- "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
- "refsource": "BUGTRAQ",
- "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
- },
- {
- "name": "39767",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/39767/"
- },
- {
- "name": "SUSE-SU-2016:1260",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
- },
- {
- "name": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate",
+ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
- "url": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate"
- },
- {
- "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
- },
- {
- "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
- },
- {
- "name": "DSA-3746",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2016/dsa-3746"
- },
- {
- "name": "GLSA-201611-21",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201611-21"
- },
- {
- "name": "SUSE-SU-2016:1275",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
- },
- {
- "name": "SSA:2016-132-01",
- "refsource": "SLACKWARE",
- "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
- },
- {
- "name": "https://www.imagemagick.org/script/changelog.php",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/script/changelog.php"
- },
- {
- "name": "39791",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/39791/"
- },
- {
- "name": "DSA-3580",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2016/dsa-3580"
- },
- {
- "name": "89848",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/89848"
- },
- {
- "name": "RHSA-2016:0726",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
- },
- {
- "name": "VU#250519",
- "refsource": "CERT-VN",
- "url": "https://www.kb.cert.org/vuls/id/250519"
+ "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
+ "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "MISC",
- "name": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html",
- "url": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html"
+ "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html"
+ },
+ {
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
+ },
+ {
+ "url": "http://www.debian.org/security/2016/dsa-3580",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2016/dsa-3580"
+ },
+ {
+ "url": "http://www.debian.org/security/2016/dsa-3746",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2016/dsa-3746"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/03/13",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/03/13"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
+ },
+ {
+ "url": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate",
+ "refsource": "MISC",
+ "name": "http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate"
+ },
+ {
+ "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/89848",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/89848"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1035742",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1035742"
+ },
+ {
+ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
+ "refsource": "MISC",
+ "name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
+ },
+ {
+ "url": "http://www.ubuntu.com/usn/USN-2990-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2990-1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2016:0726",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:0726"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2016-3714",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-3714"
+ },
+ {
+ "url": "https://access.redhat.com/security/vulnerabilities/2296071",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/vulnerabilities/2296071"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332492"
+ },
+ {
+ "url": "https://imagetragick.com/",
+ "refsource": "MISC",
+ "name": "https://imagetragick.com/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/201611-21",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201611-21"
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/39767/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/39767/"
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/39791/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/39791/"
+ },
+ {
+ "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
+ },
+ {
+ "url": "https://www.imagemagick.org/script/changelog.php",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/script/changelog.php"
+ },
+ {
+ "url": "https://www.kb.cert.org/vuls/id/250519",
+ "refsource": "MISC",
+ "name": "https://www.kb.cert.org/vuls/id/250519"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT, SHOW, WIN and PLT commands within image files, simply add the following lines:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nwithin the policy map stanza:\n\n...\n\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 6.8,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3716.json b/2016/3xxx/CVE-2016-3716.json
index 1e8ad4453f5..85cbf4e0738 100644
--- a/2016/3xxx/CVE-2016-3716.json
+++ b/2016/3xxx/CVE-2016-3716.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3716",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image."
+ "value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to move arbitrary files."
}
]
},
@@ -44,103 +21,185 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Improper Input Validation",
+ "cweId": "CWE-20"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.2.7-4.el6_7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.8.9-13.el7_2",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
- "refsource": "CONFIRM",
- "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
+ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
- "name": "openSUSE-SU-2016:1266",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
+ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
+ "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
+ "refsource": "MISC",
+ "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
- "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
- "name": "USN-2990-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2990-1"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
- "name": "openSUSE-SU-2016:1261",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
- "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
- "refsource": "BUGTRAQ",
- "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
- "name": "39767",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/39767/"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
- "name": "SUSE-SU-2016:1260",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
+ "url": "http://www.debian.org/security/2016/dsa-3580",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2016/dsa-3580"
},
{
- "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
+ "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
- "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
+ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
+ "refsource": "MISC",
+ "name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
- "name": "GLSA-201611-21",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201611-21"
+ "url": "http://www.ubuntu.com/usn/USN-2990-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
- "name": "SUSE-SU-2016:1275",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
+ "url": "https://access.redhat.com/errata/RHSA-2016:0726",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
- "name": "SSA:2016-132-01",
- "refsource": "SLACKWARE",
- "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
+ "url": "https://security.gentoo.org/glsa/201611-21",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201611-21"
},
{
- "name": "https://www.imagemagick.org/script/changelog.php",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/script/changelog.php"
+ "url": "https://www.exploit-db.com/exploits/39767/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/39767/"
},
{
- "name": "DSA-3580",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2016/dsa-3580"
+ "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
- "name": "RHSA-2016:0726",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
+ "url": "https://www.imagemagick.org/script/changelog.php",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/script/changelog.php"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2016-3716",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-3716"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332504",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332504"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nwithin the policy map stanza:\n\n\n...\n\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.3,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+ "version": "2.0"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3717.json b/2016/3xxx/CVE-2016-3717.json
index 279da32a665..1c9a1c7b05a 100644
--- a/2016/3xxx/CVE-2016-3717.json
+++ b/2016/3xxx/CVE-2016-3717.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3717",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image."
+ "value": "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files."
}
]
},
@@ -44,108 +21,190 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Improper Input Validation",
+ "cweId": "CWE-20"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.2.7-4.el6_7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.8.9-13.el7_2",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
- "refsource": "CONFIRM",
- "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
+ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
- "name": "openSUSE-SU-2016:1266",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
+ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
+ "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
+ "refsource": "MISC",
+ "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
- "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
- "name": "openSUSE-SU-2016:1326",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
- "name": "USN-2990-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2990-1"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
- "name": "openSUSE-SU-2016:1261",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
- "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
- "refsource": "BUGTRAQ",
- "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
- "name": "39767",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/39767/"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
- "name": "SUSE-SU-2016:1260",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
+ "url": "http://www.debian.org/security/2016/dsa-3580",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2016/dsa-3580"
},
{
- "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
+ "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
- "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
+ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
+ "refsource": "MISC",
+ "name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
- "name": "GLSA-201611-21",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201611-21"
+ "url": "http://www.ubuntu.com/usn/USN-2990-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
- "name": "SUSE-SU-2016:1275",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
+ "url": "https://access.redhat.com/errata/RHSA-2016:0726",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
- "name": "SSA:2016-132-01",
- "refsource": "SLACKWARE",
- "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
+ "url": "https://security.gentoo.org/glsa/201611-21",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201611-21"
},
{
- "name": "https://www.imagemagick.org/script/changelog.php",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/script/changelog.php"
+ "url": "https://www.exploit-db.com/exploits/39767/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/39767/"
},
{
- "name": "DSA-3580",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2016/dsa-3580"
+ "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
- "name": "RHSA-2016:0726",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
+ "url": "https://www.imagemagick.org/script/changelog.php",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/script/changelog.php"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2016-3717",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-3717"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332505",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332505"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nwithin the policy map stanza:\n\n\n...\n\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 7.1,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "COMPLETE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
+ "version": "2.0"
}
]
}
diff --git a/2016/3xxx/CVE-2016-3718.json b/2016/3xxx/CVE-2016-3718.json
index 957a59de573..6a8fd46b393 100644
--- a/2016/3xxx/CVE-2016-3718.json
+++ b/2016/3xxx/CVE-2016-3718.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3718",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
+ "value": "A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images."
}
]
},
@@ -44,108 +21,190 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.2.7-4.el6_7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:6.7.8.9-13.el7_2",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
- "refsource": "CONFIRM",
- "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
+ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
- "name": "openSUSE-SU-2016:1266",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
+ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
+ "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
+ "refsource": "MISC",
+ "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
- "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
- "name": "openSUSE-SU-2016:1326",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
- "name": "USN-2990-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2990-1"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
- "name": "openSUSE-SU-2016:1261",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
- "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
- "refsource": "BUGTRAQ",
- "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
- "name": "39767",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/39767/"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
- "name": "SUSE-SU-2016:1260",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
+ "url": "http://www.debian.org/security/2016/dsa-3580",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2016/dsa-3580"
},
{
- "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
+ "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
- "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
+ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568",
+ "refsource": "MISC",
+ "name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
- "name": "GLSA-201611-21",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201611-21"
+ "url": "http://www.ubuntu.com/usn/USN-2990-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
- "name": "SUSE-SU-2016:1275",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
+ "url": "https://access.redhat.com/errata/RHSA-2016:0726",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:0726"
},
{
- "name": "SSA:2016-132-01",
- "refsource": "SLACKWARE",
- "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
+ "url": "https://security.gentoo.org/glsa/201611-21",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201611-21"
},
{
- "name": "https://www.imagemagick.org/script/changelog.php",
- "refsource": "CONFIRM",
- "url": "https://www.imagemagick.org/script/changelog.php"
+ "url": "https://www.exploit-db.com/exploits/39767/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/39767/"
},
{
- "name": "DSA-3580",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2016/dsa-3580"
+ "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
- "name": "RHSA-2016:0726",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
+ "url": "https://www.imagemagick.org/script/changelog.php",
+ "refsource": "MISC",
+ "name": "https://www.imagemagick.org/script/changelog.php"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2016-3718",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-3718"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332802",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332802"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\n\nRed Hat Enterprise Linux 6 and 7\n================================\n\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nwithin the policy map stanza:\n\n\n...\n\n\n\nRed Hat Enterprise Linux 5\n==========================\n\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\n\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.3,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+ "version": "2.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4020.json b/2016/4xxx/CVE-2016-4020.json
index 3867273a924..b6a06dbd27d 100644
--- a/2016/4xxx/CVE-2016-4020.json
+++ b/2016/4xxx/CVE-2016-4020.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4020",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)."
+ "value": "An information-exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory."
}
]
},
@@ -44,68 +21,220 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:1.5.3-141.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-14.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=691a02e2ce0c413236a78dee6f2651c937b09fb0",
- "refsource": "CONFIRM",
- "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=691a02e2ce0c413236a78dee6f2651c937b09fb0"
+ "url": "http://www.ubuntu.com/usn/USN-2974-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686"
+ "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
- "name": "[qemu-devel] 20160407 [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
- "refsource": "MLIST",
- "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html"
+ "url": "https://security.gentoo.org/glsa/201609-01",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201609-01"
},
{
- "name": "86067",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/86067"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2392",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
- "name": "[qemu-devel] 20160407 Re: [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
- "refsource": "MLIST",
- "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2408",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
- "name": "RHSA-2017:2392",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2392"
+ "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0",
+ "refsource": "MISC",
+ "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0"
},
{
- "name": "GLSA-201609-01",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201609-01"
+ "url": "http://www.securityfocus.com/bid/86067",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/86067"
},
{
- "name": "USN-2974-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2974-1"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1856",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1856"
},
{
- "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
+ "url": "https://access.redhat.com/security/cve/CVE-2016-4020",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-4020"
},
{
- "name": "RHSA-2017:2408",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2408"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686"
},
{
- "name": "RHSA-2017:1856",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1856"
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Donghai Zdh (Alibaba Inc.) for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "ADJACENT_NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 2.9,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.4,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4451.json b/2016/4xxx/CVE-2016-4451.json
index 37b9f7c5424..0494f00e2af 100644
--- a/2016/4xxx/CVE-2016-4451.json
+++ b/2016/4xxx/CVE-2016-4451.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4451",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization."
+ "value": "It was found that Satellite 6 did not properly enforce access controls on certain resources. An attacker, with access to the API and knowledge of the ID name, can potentially access other resources in other organizations."
}
]
},
@@ -44,33 +21,369 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Improper Access Control",
+ "cweId": "CWE-284"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Satellite 6.3 for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.1.14-1.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.15.6.34-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:201801241201-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.4.4-1",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.15.6.8-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.15.6.4-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.15.6.2-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.1-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.4.5-15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.4.0-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5.1-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.4.5.26-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.2-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.5.1-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.13.4.6-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.4.1-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.1.1-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.13.4-3.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.13.4.8-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.3.16-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.0.5-4.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.9-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.3.0-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.2-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.6-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.1-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.2.1-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.4-3.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.9-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.10-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6.9-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.0-1.git.0.b5c2768.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:6.3.0-23.0.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:6.3.0.12-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.1.1.4-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:10.0.2.2-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:9.1.5.3-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.0.3-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.3.14-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.7.11-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.13-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.7.2-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.6-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.9.6.4-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.8-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.0.1-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.4.16-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.9-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.11.0.1-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.3.0-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.11.0.5-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.8-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.3.3-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.0-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.6-2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.5-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.6-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.12-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.3-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.11.3.5-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.4.5.58-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2-1.fm1_15.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.10-1.fm1_15.el7sat",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2018:0336",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0336"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0336",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0336"
},
{
- "name": "https://theforeman.org/security.html#2016-4451",
- "refsource": "CONFIRM",
- "url": "https://theforeman.org/security.html#2016-4451"
+ "url": "http://projects.theforeman.org/issues/15182",
+ "refsource": "MISC",
+ "name": "http://projects.theforeman.org/issues/15182"
},
{
- "name": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c",
- "refsource": "CONFIRM",
- "url": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c"
+ "url": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c",
+ "refsource": "MISC",
+ "name": "http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c"
},
{
- "name": "http://projects.theforeman.org/issues/15182",
- "refsource": "CONFIRM",
- "url": "http://projects.theforeman.org/issues/15182"
+ "url": "https://access.redhat.com/security/cve/CVE-2016-4451",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-4451"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1339889"
+ },
+ {
+ "url": "https://theforeman.org/security.html#2016-4451",
+ "refsource": "MISC",
+ "name": "https://theforeman.org/security.html#2016-4451"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Marek Hul\u00e1n (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "SINGLE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.9,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4457.json b/2016/4xxx/CVE-2016-4457.json
index 9b113f36ab7..06dd2befd56 100644
--- a/2016/4xxx/CVE-2016-4457.json
+++ b/2016/4xxx/CVE-2016-4457.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4457",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate."
+ "value": "CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key allowing for future attacks."
}
]
},
@@ -44,33 +21,307 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Use of Hard-coded Credentials",
+ "cweId": "CWE-798"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CloudForms Management Engine 5.7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:5.7.3.2-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.7.2-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.1.5-1.el7cf",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "CloudForms Management Engine 5.8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.2.1.0-2.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.2-1.el7at",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.7-1.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.8.0.17-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:19.0.4-1.el7at",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5.1-2.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.0-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.17-23.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.42.0-4.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.10.2-1.el7at",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:9.4.11-2PGDG.el7at",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:9.0r2-10.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.6.1-7.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.11-4.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.9.1-2.1.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.71c-2.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6.10-1.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.15.2-3.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.5-1.1.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.6.5-1.el7at",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.1-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.3-2.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.10-3.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.7-6.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.9.8-4.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.7.2-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6.0-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.2-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.1-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.0-2.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.0-3.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.8-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.1.5-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.18.2-5.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.7-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.3.0-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.0-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.0-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.25.0-b10.2.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.7.0-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.7.1-3.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6.3-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.4-1.el7cf",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.06-1.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.3-3.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.14-7.el7cf",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "RHSA-2017:1601",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1601"
+ "url": "http://www.securitytracker.com/id/1038599",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1038599"
},
{
- "name": "RHSA-2017:1367",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:1367"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1367",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1367"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308"
+ "url": "https://access.redhat.com/errata/RHSA-2017:1601",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:1601"
},
{
- "name": "1038599",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1038599"
+ "url": "https://access.redhat.com/security/cve/CVE-2016-4457",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-4457"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341308"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Simon Lukasik (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 5.8,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4463.json b/2016/4xxx/CVE-2016-4463.json
index 0282ab8526c..b4bee7e7a04 100644
--- a/2016/4xxx/CVE-2016-4463.json
+++ b/2016/4xxx/CVE-2016-4463.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4463",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD."
+ "value": "A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data."
}
]
},
@@ -44,88 +21,184 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.1.1-9.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.1.1-8.el7_4.1",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.1.1-8.el7_5.1",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
- {
- "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
- },
- {
- "name": "https://issues.apache.org/jira/browse/XERCESC-2069",
- "refsource": "CONFIRM",
- "url": "https://issues.apache.org/jira/browse/XERCESC-2069"
- },
- {
- "name": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069",
- "refsource": "CONFIRM",
- "url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069"
- },
- {
- "name": "RHSA-2018:3335",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:3335"
- },
- {
- "name": "DSA-3610",
- "refsource": "DEBIAN",
- "url": "https://www.debian.org/security/2016/dsa-3610"
- },
- {
- "name": "1036211",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1036211"
- },
- {
- "name": "openSUSE-SU-2016:2232",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
- },
- {
- "name": "RHSA-2018:3506",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:3506"
- },
- {
- "name": "RHSA-2018:3514",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:3514"
- },
- {
- "name": "91501",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/91501"
- },
- {
- "name": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt",
- "refsource": "CONFIRM",
- "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
- },
- {
- "name": "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD",
- "refsource": "BUGTRAQ",
- "url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
- },
- {
- "name": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html",
- "refsource": "MISC",
- "url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
- },
- {
- "name": "openSUSE-SU-2016:1808",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
- },
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+ },
+ {
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
+ },
+ {
+ "url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/91501",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/91501"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1036211",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1036211"
+ },
+ {
+ "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt",
+ "refsource": "MISC",
+ "name": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2018:3335",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:3335"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2018:3506",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:3506"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2018:3514",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:3514"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2016-4463",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-4463"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348845"
+ },
+ {
+ "url": "https://issues.apache.org/jira/browse/XERCESC-2069",
+ "refsource": "MISC",
+ "name": "https://issues.apache.org/jira/browse/XERCESC-2069"
+ },
+ {
+ "url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069",
+ "refsource": "MISC",
+ "name": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069"
+ },
+ {
+ "url": "https://www.debian.org/security/2016/dsa-3610",
+ "refsource": "MISC",
+ "name": "https://www.debian.org/security/2016/dsa-3610"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.3,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4475.json b/2016/4xxx/CVE-2016-4475.json
index ffa31cb659b..bcd79617439 100644
--- a/2016/4xxx/CVE-2016-4475.json
+++ b/2016/4xxx/CVE-2016-4475.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4475",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors."
+ "value": "It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to."
}
]
},
@@ -44,38 +21,181 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Improper Access Control",
+ "cweId": "CWE-284"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Satellite 6.2 for RHEL 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:1.11.0.51-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.11.0.10-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.11.0.5-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.8.3.4-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:6.2.1-1.2.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.0.0.9-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.5-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.22.25-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.0.70-1.el6sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2-1.el6sat",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Satellite 6.2 for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:1.11.0.51-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.11.0.10-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.11.0.5-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.8.3.4-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:6.2.1-1.2.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.0.0.9-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.5-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.22.25-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.0.70-1.el7sat",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2-1.el7sat",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://theforeman.org/security.html#2016-4475",
- "refsource": "CONFIRM",
- "url": "https://theforeman.org/security.html#2016-4475"
+ "url": "http://projects.theforeman.org/issues/15268",
+ "refsource": "MISC",
+ "name": "http://projects.theforeman.org/issues/15268"
},
{
- "name": "http://projects.theforeman.org/issues/15268",
- "refsource": "CONFIRM",
- "url": "http://projects.theforeman.org/issues/15268"
+ "url": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9",
+ "refsource": "MISC",
+ "name": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9"
},
{
- "name": "RHBA-2016:1615",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHBA-2016:1615"
+ "url": "http://www.securityfocus.com/bid/92125",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/92125"
},
{
- "name": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9",
- "refsource": "CONFIRM",
- "url": "http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9"
+ "url": "https://access.redhat.com/errata/RHBA-2016:1615",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHBA-2016:1615"
},
{
- "name": "92125",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/92125"
+ "url": "https://access.redhat.com/security/cve/CVE-2016-4475",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-4475"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1342439"
+ },
+ {
+ "url": "https://theforeman.org/security.html#2016-4475",
+ "refsource": "MISC",
+ "name": "https://theforeman.org/security.html#2016-4475"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "SINGLE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.9,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
+ "version": "2.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4581.json b/2016/4xxx/CVE-2016-4581.json
index da947bd21d5..5741753c4fb 100644
--- a/2016/4xxx/CVE-2016-4581.json
+++ b/2016/4xxx/CVE-2016-4581.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4581",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls."
+ "value": "CVE-2016-4581 kernel: Slave being first propagated copy causes oops in propagate_mnt"
}
]
},
@@ -44,123 +21,198 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "NULL Pointer Dereference",
+ "cweId": "CWE-476"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.10.0-514.rt56.420.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.10.0-514.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "USN-3006-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3006-1"
+ "url": "http://www.debian.org/security/2016/dsa-3607",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2016/dsa-3607"
},
{
- "name": "USN-3004-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3004-1"
+ "url": "http://www.ubuntu.com/usn/USN-2989-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
- "name": "90607",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/90607"
+ "url": "http://www.ubuntu.com/usn/USN-2998-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
- "name": "USN-3001-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3001-1"
+ "url": "http://www.ubuntu.com/usn/USN-3000-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
+ "url": "http://www.ubuntu.com/usn/USN-3001-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
- "name": "USN-3005-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3005-1"
+ "url": "http://www.ubuntu.com/usn/USN-3002-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
- "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
+ "url": "http://www.ubuntu.com/usn/USN-3003-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
- "name": "RHSA-2016:2584",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
+ "url": "http://www.ubuntu.com/usn/USN-3004-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
- "name": "RHSA-2016:2574",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
+ "url": "http://www.ubuntu.com/usn/USN-3005-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
- "name": "openSUSE-SU-2016:1641",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
+ "url": "http://www.ubuntu.com/usn/USN-3006-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
- "name": "USN-3000-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3000-1"
+ "url": "http://www.ubuntu.com/usn/USN-3007-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
- "name": "DSA-3607",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2016/dsa-3607"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
- "name": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f"
+ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
- "name": "USN-3002-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3002-1"
+ "url": "https://access.redhat.com/errata/RHSA-2016:2574",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
- "name": "USN-2989-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2989-1"
+ "url": "https://access.redhat.com/errata/RHSA-2016:2584",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:2584"
},
{
- "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f"
+ "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
- "name": "USN-3007-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3007-1"
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f"
},
{
- "name": "[oss-security] 20160511 CVE request: Mishandling the first propagated copy being a slave",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/05/11/2"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
- "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
+ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
},
{
- "name": "USN-3003-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-3003-1"
+ "url": "http://www.openwall.com/lists/oss-security/2016/05/11/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/05/11/2"
},
{
- "name": "USN-2998-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-2998-1"
+ "url": "http://www.securityfocus.com/bid/90607",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/90607"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2016-4581",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-4581"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333712"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Eric W. Biederman (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "LOCAL",
+ "authentication": "NONE",
+ "availabilityImpact": "COMPLETE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.7,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
+ "version": "2.0"
}
]
}
diff --git a/2016/4xxx/CVE-2016-4985.json b/2016/4xxx/CVE-2016-4985.json
index 7c64159ec10..226cdbdc7ff 100644
--- a/2016/4xxx/CVE-2016-4985.json
+++ b/2016/4xxx/CVE-2016-4985.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4985",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."
+ "value": "An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses."
}
]
},
@@ -44,48 +21,139 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Authentication Bypass by Spoofing",
+ "cweId": "CWE-290"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2015.1.2-4.el7ost",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:4.2.5-1.el7ost",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://review.openstack.org/332197",
- "refsource": "CONFIRM",
- "url": "https://review.openstack.org/332197"
+ "url": "http://www.openwall.com/lists/oss-security/2016/06/21/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/06/21/6"
},
{
- "name": "https://bugs.launchpad.net/ironic/+bug/1572796",
- "refsource": "CONFIRM",
- "url": "https://bugs.launchpad.net/ironic/+bug/1572796"
+ "url": "https://access.redhat.com/errata/RHSA-2016:1377",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:1377"
},
{
- "name": "[oss-security] 20160621 Ironic node information including credentials exposed to unathenticated users",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/06/21/6"
+ "url": "https://access.redhat.com/errata/RHSA-2016:1378",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:1378"
},
{
- "name": "https://review.openstack.org/332195",
- "refsource": "CONFIRM",
- "url": "https://review.openstack.org/332195"
+ "url": "https://access.redhat.com/security/cve/CVE-2016-4985",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-4985"
},
{
- "name": "RHSA-2016:1378",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2016:1378"
+ "url": "https://bugs.launchpad.net/ironic/+bug/1572796",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ironic/+bug/1572796"
},
{
- "name": "RHSA-2016:1377",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2016:1377"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193"
},
{
- "name": "https://review.openstack.org/332196",
- "refsource": "CONFIRM",
- "url": "https://review.openstack.org/332196"
+ "url": "https://review.openstack.org/332195",
+ "refsource": "MISC",
+ "name": "https://review.openstack.org/332195"
+ },
+ {
+ "url": "https://review.openstack.org/332196",
+ "refsource": "MISC",
+ "name": "https://review.openstack.org/332196"
+ },
+ {
+ "url": "https://review.openstack.org/332197",
+ "refsource": "MISC",
+ "name": "https://review.openstack.org/332197"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.3,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2016/5xxx/CVE-2016-5003.json b/2016/5xxx/CVE-2016-5003.json
index 1b7483686c1..23b00336626 100644
--- a/2016/5xxx/CVE-2016-5003.json
+++ b/2016/5xxx/CVE-2016-5003.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5003",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element."
+ "value": "A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element."
}
]
},
@@ -44,78 +21,225 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.0-4.17.el6_9",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-9.el7_5",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-8.16.el6",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-8.16.el6",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-8.16.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-8.16.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-8.16.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-8.16.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1:3.1.3-9.el7_5",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "[oss-security] 20160712 Vulnerabilities in Apache Archiva",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/07/12/5"
- },
- {
- "name": "RHSA-2018:1779",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:1779"
- },
- {
- "name": "RHSA-2018:1784",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:1784"
- },
- {
- "name": "91738",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/91738"
- },
- {
- "name": "RHSA-2018:2317",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:2317"
- },
- {
- "name": "1036294",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1036294"
- },
- {
- "name": "RHSA-2018:1780",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:1780"
- },
- {
- "name": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html",
+ "url": "http://www.openwall.com/lists/oss-security/2016/07/12/5",
"refsource": "MISC",
- "url": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html"
+ "name": "http://www.openwall.com/lists/oss-security/2016/07/12/5"
},
{
- "name": "apache-archiva-cve20165003-code-exec(115043)",
- "refsource": "XF",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043"
+ "url": "http://www.securityfocus.com/bid/91736",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/91736"
},
{
- "name": "91736",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/91736"
+ "url": "http://www.securitytracker.com/id/1036294",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1036294"
},
{
- "name": "RHSA-2018:3768",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:3768"
+ "url": "https://access.redhat.com/errata/RHSA-2018:3768",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
- "refsource": "MLIST",
- "name": "[oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization",
- "url": "http://www.openwall.com/lists/oss-security/2020/01/16/1"
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/16/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2020/01/16/1"
},
{
- "refsource": "MLIST",
- "name": "[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization",
- "url": "http://www.openwall.com/lists/oss-security/2020/01/24/2"
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/24/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2020/01/24/2"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/91738",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/91738"
+ },
+ {
+ "url": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html",
+ "refsource": "MISC",
+ "name": "https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2018:1779",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:1779"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2018:1780",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:1780"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2018:1784",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:1784"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2018:2317",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:2317"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2016-5003",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-5003"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508123",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1508123"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115043"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Setting enabledForExtensions is false by default, thus elements are not automatically deserialized. However, if you have it enabled and you don't need any of the provided functions (https://ws.apache.org/xmlrpc/extensions.html) we suggest you disable it."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
}
]
}
diff --git a/2016/5xxx/CVE-2016-5432.json b/2016/5xxx/CVE-2016-5432.json
index 523703ce363..6c3b06f1563 100644
--- a/2016/5xxx/CVE-2016-5432.json
+++ b/2016/5xxx/CVE-2016-5432.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5432",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files."
+ "value": "It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the \u201c\u2014provision*db\u201d options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords."
}
]
},
@@ -44,33 +21,113 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Cleartext Storage of Sensitive Information",
+ "cweId": "CWE-312"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RHEV Engine version 4.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:4.0.4.4-1",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
- "refsource": "CONFIRM",
- "url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
- "name": "RHSA-2016:1967",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
+ "url": "http://www.securityfocus.com/bid/92694",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/92694"
},
{
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
+ "url": "https://access.redhat.com/errata/RHSA-2016:1967",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2016:1967"
},
{
- "name": "92694",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/92694"
+ "url": "https://access.redhat.com/security/cve/CVE-2016-5432",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-5432"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
+ },
+ {
+ "url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
+ "refsource": "MISC",
+ "name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Yedidyah Bar David (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 4.3,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
}
]
}
diff --git a/2016/7xxx/CVE-2016-7466.json b/2016/7xxx/CVE-2016-7466.json
index 6c4e4ee2012..39486412d81 100644
--- a/2016/7xxx/CVE-2016-7466.json
+++ b/2016/7xxx/CVE-2016-7466.json
@@ -1,40 +1,17 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7466",
+ "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device."
+ "value": "A memory-leak flaw was found in the Quick Emulator(QEMU) built with USB xHCI controller emulation support. The flaw could occur while doing a USB-device unplug operation. Unplugging the device repeatedly resulted in leaking host memory, which affected other services on the host. A privileged user inside the guest could exploit this flaw to cause a denial of service on the host or potentially crash the host's QEMU process instance."
}
]
},
@@ -44,58 +21,204 @@
"description": [
{
"lang": "eng",
- "value": "n/a"
+ "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
+ "cweId": "CWE-119"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-10.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10:2.9.0-14.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "[oss-security] 20160920 CVE Request Qemu: usb: xhci memory leakage during device unplug",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/09/19/8"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2392",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
- "name": "[oss-security] 20160920 Re: CVE Request Qemu: usb: xhci memory leakage during device unplug",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/09/20/3"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2408",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
- "name": "GLSA-201611-11",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201611-11"
+ "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
- "name": "93029",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/93029"
+ "url": "https://security.gentoo.org/glsa/201611-11",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201611-11"
},
{
- "name": "RHSA-2017:2392",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2392"
+ "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e",
+ "refsource": "MISC",
+ "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e"
},
{
- "name": "openSUSE-SU-2016:3237",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
+ "url": "http://www.openwall.com/lists/oss-security/2016/09/19/8",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/09/19/8"
},
{
- "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e",
- "refsource": "CONFIRM",
- "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e"
+ "url": "http://www.openwall.com/lists/oss-security/2016/09/20/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/09/20/3"
},
{
- "name": "[qemu-devel] 20160913 [PATCH v2] usb:xhci:fix memory leak in usb_xhci_exit",
- "refsource": "MLIST",
- "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html"
+ "url": "http://www.securityfocus.com/bid/93029",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/93029"
},
{
- "name": "RHSA-2017:2408",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2408"
+ "url": "https://access.redhat.com/security/cve/CVE-2016-7466",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2016-7466"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377837",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1377837"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Li Qiang (360.cn Inc.) for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "ADJACENT_NETWORK",
+ "authentication": "SINGLE",
+ "availabilityImpact": "PARTIAL",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 2.3,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "NONE",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "NONE",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
+ "version": "2.0"
+ },
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
+ "version": "3.0"
}
]
}