diff --git a/2015/10xxx/CVE-2015-10072.json b/2015/10xxx/CVE-2015-10072.json
new file mode 100644
index 00000000000..5943b71ac15
--- /dev/null
+++ b/2015/10xxx/CVE-2015-10072.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-10072",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10147.json b/2016/10xxx/CVE-2016-10147.json
index 3430a8017ff..6bcb7b0c2c4 100644
--- a/2016/10xxx/CVE-2016-10147.json
+++ b/2016/10xxx/CVE-2016-10147.json
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-10147",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5)."
+ "value": "Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a \"mcryptd(alg)\" name construct. This causes mcryptd to crash the kernel if an arbitrary \"alg\" is incompatible and not intended to be used with mcryptd."
 }
 ]
 },
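Review bot: The rewritten `description_data` value in CVE-2016-10147.json drops the upstream fix boundary and location that the removed text carried ("Linux kernel before 4.8.15", `crypto/mcryptd.c`, local users via an AF_ALG socket), so a reader of the new record cannot tell from the description which kernel versions are affected or who can trigger the crash. I would keep that boundary by appending a sentence such as `This affects the Linux kernel before 4.8.15 (crypto/mcryptd.c) and is reachable by local users through an AF_ALG socket.` to the new value. The same loss of specifics appears in the description rewrites for CVE-2016-1714 (QEMU "before 2.4", `hw/nvram/fw_cfg.c`) and CVE-2016-2104 (the named Satellite endpoints and parameters, which defenders use when writing filtering or detection rules).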
@@ -44,58 +21,131 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.10.0-693.rt56.617.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.10.0-693.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd" + "url": "https://access.redhat.com/errata/RHSA-2017:1842", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1842" }, { - "name": "https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd" + "url": "https://access.redhat.com/errata/RHSA-2017:2077", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2077" }, { - "name": "[linux-crypto] 20161202 Crash in crypto mcryptd", - "refsource": "MLIST", - "url": "http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2" + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd" }, { - "name": "[oss-security] 20170117 CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm", - "refsource": "MLIST", - "url": 
"http://www.openwall.com/lists/oss-security/2017/01/17/13" + "url": "http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2" }, { - "name": "95677", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95677" + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404200", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404200" + "url": "http://www.openwall.com/lists/oss-security/2017/01/17/13", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/01/17/13" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15" + "url": "http://www.securityfocus.com/bid/95677", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/95677" }, { - "name": "RHSA-2017:2077", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2077" + "url": "https://access.redhat.com/security/cve/CVE-2016-10147", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-10147" }, { - "name": "RHSA-2017:1842", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1842" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404200", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404200" + }, + { + "url": "https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", 
+ "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.9, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "version": "2.0" + }, + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } ] } diff --git a/2016/1xxx/CVE-2016-1714.json b/2016/1xxx/CVE-2016-1714.json index 7c5bd9427bf..ac3bba5ed9f 100644 --- a/2016/1xxx/CVE-2016-1714.json +++ b/2016/1xxx/CVE-2016-1714.json 
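Review bot: Every entry in the new `reference_data` of CVE-2016-10147.json has `"refsource": "MISC"` and a `name` that repeats the `url`, which discards the source classification (CONFIRM, MLIST, BID, REDHAT) and the advisory ids and list subjects that the removed entries carried and that tooling can key on. I would keep the typed form for the vendor advisories, for example `"name": "RHSA-2017:2077", "refsource": "REDHAT"`, and likewise for the other typed entries. Separately, the new `affects` block names only Red Hat Enterprise Linux 7, with `"version_affected": "!"` on both versions (which, as I read the 4.0 format, marks them as not affected), so the upstream kernel no longer appears as an affected product anywhere in the record. The reference flattening repeats in the CVE-2016-1714, CVE-2016-1905, CVE-2016-1981 and CVE-2016-2104 hunks.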
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-1714",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration."
+ "value": "An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
 }
 ]
 },
@@ -44,108 +21,296 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Out-of-bounds Read", + "cweId": "CWE-125" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.479.el6_7.4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:1.5.3-105.el7_2.3", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.479.el6_7.4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "10:2.3.0-31.el7_2.7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "10:2.3.0-31.el7_2.7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "10:2.3.0-31.el7_2.7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHEV 3.6 For IBM Power Systems", + "version": { + "version_data": [ + { + "version_value": "10:2.3.0-31.el7_2.7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.479.el6_7.4", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7", + "version": { + "version_data": [ + { + "version_value": "10:2.3.0-31.el7_2.7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20160112 Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/01/12/10" + "url": "http://www.debian.org/security/2016/dsa-3469", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3469" }, { - "name": "RHSA-2016:0083", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0083.html" + "url": "http://www.debian.org/security/2016/dsa-3470", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3470" }, { - "name": "RHSA-2016:0085", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0085.html" + "url": "http://www.debian.org/security/2016/dsa-3471", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3471" }, { - "name": "RHSA-2016:0086", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0086.html" + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + "url": "https://security.gentoo.org/glsa/201604-01", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201604-01" }, { - "name": "[oss-security] 20160112 Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations", - "refsource": "MLIST", - "url": 
"http://www.openwall.com/lists/oss-security/2016/01/12/11" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0084.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0084.html" }, { - "name": "[oss-security] 20160111 CVE request Qemu: nvram: OOB r/w access in processing firmware configurations", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/01/11/7" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0086.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0086.html" }, { - "name": "1034858", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1034858" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0087.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0087.html" }, { - "name": "[Qemu-devel] 20160106 [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0088.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0088.html" }, { - "name": "RHSA-2016:0081", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0081.html" + "url": "https://access.redhat.com/errata/RHSA-2016:0084", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0084" }, { - "name": "80250", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/80250" + "url": "https://access.redhat.com/errata/RHSA-2016:0086", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0086" }, { - "name": "GLSA-201604-01", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201604-01" + "url": "https://access.redhat.com/errata/RHSA-2016:0087", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0087" }, { - "name": "DSA-3469", - "refsource": "DEBIAN", - "url": 
"http://www.debian.org/security/2016/dsa-3469" + "url": "https://access.redhat.com/errata/RHSA-2016:0088", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0088" }, { - "name": "DSA-3470", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3470" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0081.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0081.html" }, { - "name": "RHSA-2016:0082", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0082.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0082.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0082.html" }, { - "name": "RHSA-2016:0087", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0087.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0083.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0083.html" }, { - "name": "RHSA-2016:0084", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0084.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0085.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0085.html" }, { - "name": "DSA-3471", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3471" + "url": "http://www.openwall.com/lists/oss-security/2016/01/11/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/01/11/7" }, { - "name": "RHSA-2016:0088", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0088.html" + "url": "http://www.openwall.com/lists/oss-security/2016/01/12/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/01/12/10" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2016/01/12/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/01/12/11" + }, + { + "url": 
"http://www.securityfocus.com/bid/80250", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/80250" + }, + { + "url": "http://www.securitytracker.com/id/1034858", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1034858" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:0081", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0081" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:0082", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0082" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:0083", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0083" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:0085", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0085" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2016-1714", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-1714" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296060", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296060" + }, + { + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "ADJACENT_NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.9, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", 
+ "temporalScore": 0,
+ "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
+ "version": "2.0"
 }
 ]
 }
diff --git a/2016/1xxx/CVE-2016-1905.json b/2016/1xxx/CVE-2016-1905.json
index 75a910c29b4..f75dd76886e 100644
--- a/2016/1xxx/CVE-2016-1905.json
+++ b/2016/1xxx/CVE-2016-1905.json
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-1905",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object."
+ "value": "An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space."
 }
 ]
 },
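Review bot: In the second hunk of CVE-2016-1714.json the new `problemtype` entry records only `"Out-of-bounds Read"` / `CWE-125`, while the new description in the same record speaks of an out-of-bounds read/write flaw with possible code execution on the host. Anyone triaging by CWE will see a read-only weakness and may under-rank it. I would add a second description entry alongside the first, `{ "lang": "eng", "value": "Out-of-bounds Write", "cweId": "CWE-787" }`. The `impact` block added at the end of this hunk carries only a CVSS 2.0 entry, unlike CVE-2016-10147 which also gets a 3.0 entry; if a v3 score exists for this issue it would be worth including here too.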
@@ -44,23 +21,399 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Authorization", + "cweId": "CWE-285" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenShift Enterprise 3.0", + "version": { + "version_data": [ + { + "version_value": "0:3.0.2.0-0.git.45.423f434.el7ose", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Enterprise 3.1", + "version": { + "version_data": [ + { + "version_value": "0:3.1.1.6-1.git.0.b57e8bd.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.18.2-3.gitaf4752e.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.625.3-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.3.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.8.2-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.4.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.4.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.3.2-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-2.el7aos", + "version_affected": "!" 
+ }, + { + "version_value": "0:3.4.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.2.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.2-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.3.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.4-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.8.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.3.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.2.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:5.2.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:4.1.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-6.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.1.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.2.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.1.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.1.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.9.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.4-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.9-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.6.1-1.el7aos", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.1.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.3.5-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.5.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.8.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:4.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-5.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.11-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.5-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.1-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.4.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:5.1.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.5-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.3.3-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.3.4-4.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.6.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.2-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.3-1.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:3.0.35-1.git.0.6a386dd.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.4.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.5.0-1.el7aos", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://github.com/kubernetes/kubernetes/issues/19479", - "refsource": "CONFIRM", - "url": "https://github.com/kubernetes/kubernetes/issues/19479" + "url": "https://access.redhat.com/errata/RHSA-2016:0070", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0070" }, { - "name": "RHSA-2016:0070", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2016:0070" + "url": "https://access.redhat.com/errata/RHSA-2016:0351", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0351" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2016-1905", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-1905" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297910", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1297910" + }, + { + "url": "https://github.com/kubernetes/kubernetes/issues/19479", + "refsource": "MISC", + "name": "https://github.com/kubernetes/kubernetes/issues/19479" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + 
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "version": "2.0" } ] } diff --git a/2016/1xxx/CVE-2016-1981.json b/2016/1xxx/CVE-2016-1981.json index 4c332f6fc07..1dfb52d757b 100644 --- a/2016/1xxx/CVE-2016-1981.json +++ b/2016/1xxx/CVE-2016-1981.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-1981", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS." + "value": "An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance." } ] }, 
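Review bot: The `version_data` list added for "Red Hat OpenShift Enterprise 3.1" in CVE-2016-1905.json holds some seventy bare epoch:version-release strings such as `0:0.1.1-1.el7aos` and `0:1.0.0-1.el7aos` with no package name attached, so none of them can be matched against an installed package and the list cannot be used for affected-version checks as it stands. Each entry should say which package it belongs to, for example by adding `"version_name": "<PACKAGE_NAME>"` (placeholder; the page does not show the package names) next to `version_value`. Every entry is also flagged `"version_affected": "!"`, so the record lists no version as affected; a consumer that only looks for affected ranges will conclude that nothing is vulnerable.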
@@ -44,63 +21,123 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Loop with Unreachable Exit Condition ('Infinite Loop')", + "cweId": "CWE-835" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:1.5.3-126.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[qemu-devel] 20160119 [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html" + "url": "http://www.debian.org/security/2016/dsa-3469", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3469" }, { - "name": "GLSA-201604-01", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201604-01" + "url": "http://www.debian.org/security/2016/dsa-3470", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3470" }, { - "name": "DSA-3469", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3469" + "url": "http://www.debian.org/security/2016/dsa-3471", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3471" }, { - "name": "DSA-3470", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3470" + "url": "https://security.gentoo.org/glsa/201604-01", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201604-01" }, { - "name": "[oss-security] 20160119 CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/01/19/10" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2585.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2585.html" }, { - "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1298570", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298570" + "url": "http://www.openwall.com/lists/oss-security/2016/01/19/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/01/19/10" }, { - "name": "[oss-security] 20160122 Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/01/22/1" + "url": "http://www.openwall.com/lists/oss-security/2016/01/22/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/01/22/1" }, { - "name": "RHSA-2016:2585", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2585.html" + "url": "http://www.securityfocus.com/bid/81549", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/81549" }, { - "name": "DSA-3471", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3471" + "url": "https://access.redhat.com/errata/RHSA-2016:2585", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2585" }, { - "name": "81549", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/81549" + "url": "https://access.redhat.com/security/cve/CVE-2016-1981", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-1981" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298570", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1298570" + }, + { + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "ADJACENT_NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": 
"NOT_DEFINED", + "baseScore": 2.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2016/2xxx/CVE-2016-2104.json b/2016/2xxx/CVE-2016-2104.json index 1a28cb02e81..5aa1bb01e23 100644 --- a/2016/2xxx/CVE-2016-2104.json +++ b/2016/2xxx/CVE-2016-2104.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2104", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) or (6) tags." + "value": "Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users." } ] }, 
@@ -44,28 +21,94 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Satellite 5.7", + "version": { + "version_data": [ + { + "version_value": "0:2.3.8-134.el6sat", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:0590", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0590.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0590.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0590.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677" + "url": "https://access.redhat.com/errata/RHSA-2016:0590", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:0590" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515" + "url": "https://access.redhat.com/security/cve/CVE-2016-2104", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-2104" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Adam Willard (Raytheon Foreground Security) for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "version": "2.0" } ] } diff --git a/2016/2xxx/CVE-2016-2121.json b/2016/2xxx/CVE-2016-2121.json index 702e6d32ac4..2cf9289096b 100644 --- a/2016/2xxx/CVE-2016-2121.json +++ b/2016/2xxx/CVE-2016-2121.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2121", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "redis", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
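Review bot: Every entry in the new `reference_data` for CVE-2016-2104 is typed `"refsource": "MISC"` with `name` set to a copy of `url`, so the record no longer separates the vendor advisory (previously `REDHAT`, `"name": "RHSA-2016:0590"`) from the two confirming bug reports (previously `CONFIRM`). A consumer that filters or ranks references by `refsource` cannot tell vendor-confirmed sources from arbitrary links any more, and the advisory id is now only recoverable by parsing the URL. I would keep the typed form where the old record had one, for example `"refsource": "REDHAT", "name": "RHSA-2016:0590"` on the errata entries and `"refsource": "CONFIRM"` on the two bugzilla entries. The second hunks of CVE-2016-2121, CVE-2016-2142 and CVE-2016-2149 further down make the same change.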
@@ -38,50 +15,114 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" - } - ], - [ - { - "vectorString": "2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-732" + "value": "Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", + "version": { + "version_data": [ + { + "version_value": "0:3.0.6-2.el7ost", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2017:3226", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3226" + "url": "http://www.securityfocus.com/bid/94111", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94111" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2121", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2121" + "url": "https://access.redhat.com/errata/RHSA-2017:3226", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3226" }, { - "name": "94111", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94111" + "url": "https://access.redhat.com/security/cve/CVE-2016-2121", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-2121" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390588", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390588" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2121", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2121" + } + ] + }, + "credits": [ + { + "lang": "en", + 
"value": "This issue was discovered by Honza Horak (Red Hat) and Remi Collet (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 2.1, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "version": "2.0" + }, + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" } ] } diff --git a/2016/2xxx/CVE-2016-2142.json b/2016/2xxx/CVE-2016-2142.json index 09d1f561932..58840a42545 100644 --- a/2016/2xxx/CVE-2016-2142.json +++ b/2016/2xxx/CVE-2016-2142.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2142", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file." + "value": "An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file." } ] }, 
@@ -44,18 +21,78 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenShift Enterprise 3.1", + "version": { + "version_data": [ + { + "version_value": "0:3.1.1.6-6.git.43.f583589.el7aos", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:1038", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2016:1038" + "url": "https://access.redhat.com/errata/RHSA-2016:1038", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:1038" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2016-2142", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-2142" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311220", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311220" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 2.1, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "version": "2.0" } ] } diff --git a/2016/2xxx/CVE-2016-2149.json b/2016/2xxx/CVE-2016-2149.json index 492a59cbe58..d32eeb4ce45 100644 --- a/2016/2xxx/CVE-2016-2149.json +++ b/2016/2xxx/CVE-2016-2149.json 
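Review bot: The CVSS v2 object added under `impact` for CVE-2016-2142 sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric in the same object is `NOT_DEFINED`. With those metrics undefined the v2 equations, as I recall them, give back the base score (2.1 here), so the zeros read as a computed result rather than as "not assessed", and a consumer that prefers the environmental score when the key is present would rank this issue at zero. I would drop the two keys when only base metrics were scored, or set both to the base value, e.g. `"temporalScore": 2.1`. The `impact` blocks added for CVE-2016-2104, CVE-2016-2121 and CVE-2016-2149 in this diff carry the same zeros.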
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2149", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace." + "value": "It was found that OpenShift Enterprise would disclose log file contents from reclaimed namespaces. An attacker could create a new namespace to access log files present in a previously deleted namespace using the same name." } ] }, 
@@ -44,18 +21,84 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Authorization", + "cweId": "CWE-285" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenShift Container Platform 3.2", + "version": { + "version_data": [ + { + "version_value": "0:3.2.0.20-1.git.0.f44746c.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:1064", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2016:1064" + "url": "https://access.redhat.com/errata/RHSA-2016:1064", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:1064" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2016-2149", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-2149" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316267", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316267" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Wesley Hearn (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 3.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", + "version": "2.0" } ] } 
diff --git a/2016/2xxx/CVE-2016-2183.json b/2016/2xxx/CVE-2016-2183.json index 6c6ebcac9e5..27dbd50a8e4 100644 --- a/2016/2xxx/CVE-2016-2183.json +++ b/2016/2xxx/CVE-2016-2183.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2183", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." + "value": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite." } ] }, 
@@ -44,549 +21,313 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "JBoss Core Services on RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2.4.23-122.jbcs.el6", + "version_affected": "!" + }, + { + "version_value": "1:1.0.2h-14.jbcs.el6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "JBoss Core Services on RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2.4.23-122.jbcs.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.0.2h-14.jbcs.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5 Supplementary", + "version": { + "version_data": [ + { + "version_value": "1:1.7.0.10.1-1jpp.1.el5_11", + "version_affected": "!" + }, + { + "version_value": "1:1.6.0.16.41-1jpp.1.el5_11", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6 Supplementary", + "version": { + "version_data": [ + { + "version_value": "1:1.7.1.4.1-1jpp.1.el6_8", + "version_affected": "!" + }, + { + "version_value": "1:1.6.0.16.41-1jpp.1.el6_8", + "version_affected": "!" + }, + { + "version_value": "1:1.8.0.4.1-1jpp.1.el6_8", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:2.7.5-69.el7_5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7 Supplementary", + "version": { + "version_data": [ + { + "version_value": "1:1.7.1.4.1-1jpp.2.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.8.0.4.1-1jpp.2.el7", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2.2.26-57.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "1:1.0.2h-14.jbcs.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2.2.26-58.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.0.2h-14.jbcs.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2.2.26-57.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "1:1.0.2h-14.jbcs.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:6.0.41-19_patch_04.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:7.0.54-28_patch_05.ep6.el6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2.2.26-58.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.0.2h-14.jbcs.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:6.0.41-19_patch_04.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:7.0.54-28_patch_05.ep6.el7", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 3.11", + "version": { + "version_data": [ + { + "version_value": "v3.11.141-2", + "version_affected": "!" + }, + { + "version_value": "v3.11.141-3", + "version_affected": "!" + }, + { + "version_value": "v3.11.141-1", + "version_affected": "!" + }, + { + "version_value": "v3.11.170-5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4.1", + "version": { + "version_data": [ + { + "version_value": "v4.1.18-201909201915", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4.5", + "version": { + "version_data": [ + { + "version_value": "v4.5.0-202009201759.p0", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4.6", + "version": { + "version_data": [ + { + "version_value": "v4.6.0-202101300140.p0", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4.8", + "version": { + "version_data": [ + { + "version_value": "v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", + "version_affected": "!" + }, + { + "version_value": "v4.8.0-202107011817.p0.git.29813c8.assembly.stream", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Satellite 5.6", + "version": { + "version_data": [ + { + "version_value": "1:1.7.1.4.1-1jpp.1.el6_8", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Satellite 5.7", + "version": { + "version_data": [ + { + "version_value": "1:1.7.1.4.1-1jpp.1.el6_8", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ - { - "name": "RHSA-2017:3113", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3113" - }, - { - "name": "RHSA-2017:0338", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" - }, - { - "name": "https://www.tenable.com/security/tns-2016-20", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-20" - }, - { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" - }, - { - "name": "GLSA-201612-16", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-16" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource": "CONFIRM", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" - }, - { - "name": "RHSA-2017:3240", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3240" - }, - { - "name": "https://www.tenable.com/security/tns-2016-16", - "refsource": "CONFIRM", - "url": 
"https://www.tenable.com/security/tns-2016-16" - }, - { - "name": "RHSA-2017:2709", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2709" - }, - { - "name": "92630", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92630" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" - }, - { - "name": "https://www.tenable.com/security/tns-2016-21", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-21" - }, - { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171" - }, - { - "name": "RHSA-2017:3239", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3239" - }, - { - "refsource": "EXPLOIT-DB", - "name": "42091", - "url": "https://www.exploit-db.com/exploits/42091/" - }, - { - "name": "GLSA-201701-65", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-65" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name": "1036696", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036696" - }, - { - "name": "https://security.netapp.com/advisory/ntap-20160915-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20160915-0001/" - }, - { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" - }, - { - "name": "GLSA-201707-01", 
- "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201707-01" - }, - { - "name": "95568", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95568" - }, - { - "name": "RHSA-2017:3114", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3114" - }, - { - "name": "https://bto.bluecoat.com/security-advisory/sa133", - "refsource": "CONFIRM", - "url": "https://bto.bluecoat.com/security-advisory/sa133" - }, - { - "name": "https://www.tenable.com/security/tns-2017-09", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2017-09" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" - }, - { - "name": "RHSA-2017:1216", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "refsource": "CONFIRM", - "name": "https://wiki.opendaylight.org/view/Security_Advisories", - "url": "https://wiki.opendaylight.org/view/Security_Advisories" - }, - { - "name": "RHSA-2017:2710", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2710" - }, - { - "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" - }, - { - "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections", - "refsource": 
"MLIST", - "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" - }, - { - "name": "RHSA-2018:2123", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2123" - }, - { - "name": "RHSA-2017:0337", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" - }, - { - "name": "RHSA-2017:2708", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2708" - }, - { - "name": "RHSA-2017:0336", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" - }, - { - "name": "SUSE-SU-2016:2470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name": "RHSA-2017:0462", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" - }, - { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2017:2700", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" - }, - { - "refsource": "BUGTRAQ", - "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities", 
- "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded" - }, - { - "refsource": "UBUNTU", - "name": "USN-3087-1", - "url": "http://www.ubuntu.com/usn/USN-3087-1" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2016:2469", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" - }, - { - "refsource": "CONFIRM", - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2016:2537", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" - }, - { - "refsource": "BUGTRAQ", - "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information", - "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded" - }, - { - "refsource": "UBUNTU", - "name": "USN-3087-2", - "url": "http://www.ubuntu.com/usn/USN-3087-2" - }, - { - "refsource": "BUGTRAQ", - "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information", - "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded" - }, - { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10197", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10197" - }, - { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10186", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10186" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2017:2699", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" - }, - { - "refsource": "BUGTRAQ", - "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of 
Information", - "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded" - }, - { - "refsource": "CONFIRM", - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2016:2407", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" - }, - { - "refsource": "CONFIRM", - "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613", - "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613" - }, - { - "refsource": "FULLDISC", - "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", - "url": "http://seclists.org/fulldisclosure/2017/Jul/31" - }, - { - "refsource": "UBUNTU", - "name": "USN-3194-1", - "url": "http://www.ubuntu.com/usn/USN-3194-1" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2016:2458", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" - }, - { - "refsource": "BUGTRAQ", - "name": "20181113 [security bulletin] MFSBGN03831 rev. 
- Service Management Automation, remote disclosure of information", - "url": "https://seclists.org/bugtraq/2018/Nov/21" - }, - { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K13167034", - "url": "https://support.f5.com/csp/article/K13167034" - }, - { - "refsource": "CONFIRM", - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722" - }, - { - "refsource": "BUGTRAQ", - "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information", - "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded" - }, - { - "refsource": "DEBIAN", - "name": "DSA-3673", - "url": "http://www.debian.org/security/2016/dsa-3673" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2016:2391", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" - }, - { - "refsource": "UBUNTU", - "name": "USN-3372-1", - "url": "http://www.ubuntu.com/usn/USN-3372-1" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2018:0458", - "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2017:0460", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2017:0490", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html" - }, - { - "refsource": "UBUNTU", - "name": "USN-3270-1", - "url": "http://www.ubuntu.com/usn/USN-3270-1" - }, - { - "refsource": "BUGTRAQ", - "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information", - "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded" - }, - { - "refsource": "CONFIRM", - "name": 
"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178", - "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2016:2387", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" - }, - { - "refsource": "FULLDISC", - "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities", - "url": "http://seclists.org/fulldisclosure/2017/May/105" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2017:0513", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html" - }, - { - "refsource": "CONFIRM", - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448" - }, - { - "refsource": "BUGTRAQ", - "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information", - "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2017:0374", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html" - }, - { - "refsource": "CONFIRM", - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html", - "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2016:2468", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2017:0346", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2016:2496", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" - }, - { - "refsource": "UBUNTU", - "name": "USN-3198-1", - "url": "http://www.ubuntu.com/usn/USN-3198-1" - }, - { - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2017/May/105", - "url": "http://seclists.org/fulldisclosure/2017/May/105" - }, - { - "refsource": "CONFIRM", - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403" - }, - { - "refsource": "BUGTRAQ", - "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information", - "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2017:1444", - "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html" - }, - { - "refsource": "SUSE", - "name": "SUSE-SU-2016:2394", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" - }, - { - "refsource": "BUGTRAQ", - "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities", - "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded" - }, - { - "refsource": "UBUNTU", - "name": "USN-3179-1", - "url": "http://www.ubuntu.com/usn/USN-3179-1" - }, - { - "refsource": "CONFIRM", - "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", - "url": 
"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2019:1245", - "url": "https://access.redhat.com/errata/RHSA-2019:1245" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2019:2859", - "url": "https://access.redhat.com/errata/RHSA-2019:2859" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2020:0451", - "url": "https://access.redhat.com/errata/RHSA-2020:0451" - }, - { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310" - }, { "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, - { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, { "url": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2020.html" }, - { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", 
@@ -598,234 +339,44 @@ "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name": "https://www.tenable.com/security/tns-2016-20", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-20" - }, - { - "name": "https://sweet32.info/", + "url": "https://sweet32.info/", "refsource": "MISC", - "url": "https://sweet32.info/" + "name": "https://sweet32.info/" }, { - "name": "http://www.splunk.com/view/SP-CAAAPUE", - "refsource": "CONFIRM", - "url": "http://www.splunk.com/view/SP-CAAAPUE" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" - }, - { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" - }, - { - "name": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", "refsource": "MISC", - "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" + "name": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" }, 
{ - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name": "https://access.redhat.com/articles/2548661", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/articles/2548661" - }, - { - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource": "CONFIRM", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" - }, - { - "name": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", + "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", "refsource": "MISC", - "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + "name": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" }, { - "name": "http://www.splunk.com/view/SP-CAAAPSV", - "refsource": "CONFIRM", - "url": "http://www.splunk.com/view/SP-CAAAPSV" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" - }, - { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" - }, - { - "name": 
"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", "refsource": "MISC", - "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" + "name": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" }, { - "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" - }, - { - "name": "https://www.tenable.com/security/tns-2016-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-16" - }, - { - "name": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", "refsource": "MISC", - "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/" + "name": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" - }, - { - "name": "https://www.tenable.com/security/tns-2016-21", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-21" - }, - { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171" - }, - { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" - }, - { - "name": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/" - }, - { - "name": "https://access.redhat.com/security/cve/cve-2016-2183", - "refsource": 
"CONFIRM", - "url": "https://access.redhat.com/security/cve/cve-2016-2183" - }, - { - "name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", "refsource": "MISC", - "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" + "name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "refsource": "MISC", - "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { - "name": "https://security.netapp.com/advisory/ntap-20160915-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20160915-0001/" - }, - { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" - }, - { - "name": "https://bto.bluecoat.com/security-advisory/sa133", - "refsource": "CONFIRM", - "url": "https://bto.bluecoat.com/security-advisory/sa133" - }, - { - "name": "https://www.tenable.com/security/tns-2017-09", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2017-09" - }, - { - "name": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" - }, - { - "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" - }, - { - "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" - }, - { - "name": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", "refsource": "MISC", - "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" - }, - { - "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "refsource": "CONFIRM", - "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" - }, - { - "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - 
"refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" - }, - { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310" + "name": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2020.html", 
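Review bot: Every reference removed in this hunk carries `"refsource": "CONFIRM"` (for example the openssl.org SWEET32 post and the Tenable, NetApp, HPE and Red Hat advisories), and the ones that reappear in the next hunk come back as `"refsource": "MISC"`. The record therefore no longer distinguishes vendor acknowledgements from third-party write-ups. Tooling that filters on `refsource` to find vendor-confirmed advisories and fixes would silently stop matching these entries. The re-added entries should keep their original classification, e.g. `"refsource": "CONFIRM"` on the `https://www.tenable.com/security/tns-2016-20` entry, or the loss should be stated in the commit description. The following hunk runs past the visible part of the diff, so whether every URL removed here is re-added at all cannot be confirmed from this view.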
@@ -838,14 +389,710 @@ "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "MISC", - "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", - "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "MISC", + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + }, + { + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "url": 
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" + }, + { + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "MISC", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + }, + { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310" + }, + { + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + }, + { + "url": "https://www.tenable.com/security/tns-2016-20", + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2016-20" + }, + { + "url": "http://www.splunk.com/view/SP-CAAAPSV", + "refsource": "MISC", + "name": "http://www.splunk.com/view/SP-CAAAPSV" + }, + { + "url": "http://www.splunk.com/view/SP-CAAAPUE", + "refsource": "MISC", + "name": "http://www.splunk.com/view/SP-CAAAPUE" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" + }, + { + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html", + "refsource": "MISC", + "name": 
"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" + }, + { + "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0462.html" + }, + { 
+ "url": "http://seclists.org/fulldisclosure/2017/Jul/31", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2017/Jul/31" + }, + { + "url": "http://seclists.org/fulldisclosure/2017/May/105", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2017/May/105" + }, + { + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "refsource": "MISC", + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" + }, + { + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "refsource": "MISC", + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" + }, + { + "url": "http://www.debian.org/security/2016/dsa-3673", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3673" + }, + { + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", + "refsource": "MISC", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" + }, + { + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/539885/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/540341/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/541104/100/0/threaded" + }, + { + "url": 
"http://www.securityfocus.com/archive/1/542005/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/542005/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded" + }, + { + "url": "http://www.securityfocus.com/bid/92630", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92630" + }, + { + "url": "http://www.securityfocus.com/bid/95568", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/95568" + }, + { + "url": "http://www.securitytracker.com/id/1036696", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1036696" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3087-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3087-1" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3087-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3087-2" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3179-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3179-1" + }, + { + "url": 
"http://www.ubuntu.com/usn/USN-3194-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3194-1" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3198-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3198-1" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3270-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3270-1" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3372-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3372-1" + }, + { + "url": "https://access.redhat.com/articles/2548661", + "refsource": "MISC", + "name": "https://access.redhat.com/articles/2548661" + }, + { + "url": "https://access.redhat.com/errata/RHBA-2019:2581", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHBA-2019:2581" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:1940", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:1940" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:0336", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0336" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:0337", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0337" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:0338", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0338" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:0462", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0462" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:1216", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:2708", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2708" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:2709", + "refsource": "MISC", + "name": 
"https://access.redhat.com/errata/RHSA-2017:2709" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:2710", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2710" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:3113", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3113" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:3114", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3114" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:3239", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3239" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:3240", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3240" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2018:2123", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:2123" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:1245", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:1245" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2859", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:2859" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2020:0451", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2020:0451" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2020:3842", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2020:3842" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:0308", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:0308" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:2438", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:2438" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2016-2183", + "refsource": "MISC", + "name": 
"https://access.redhat.com/security/cve/CVE-2016-2183" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2016-2183", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2016-2183" + }, + { + "url": "https://bto.bluecoat.com/security-advisory/sa133", + "refsource": "MISC", + "name": "https://bto.bluecoat.com/security-advisory/sa133" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849" + }, + { + "url": 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" + }, + { + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" + }, + { + "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" + }, + { + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" + }, + { + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + }, + { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171" + }, + { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10186", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10186" + }, + { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10197", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10197" + }, + { + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" + }, + { + "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + }, + { + "url": "https://seclists.org/bugtraq/2018/Nov/21", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2018/Nov/21" + }, + { + "url": "https://security.gentoo.org/glsa/201612-16", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201612-16" + }, + { + "url": "https://security.gentoo.org/glsa/201701-65", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-65" + }, 
+ { + "url": "https://security.gentoo.org/glsa/201707-01", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201707-01" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20160915-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20160915-0001/" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20170119-0001/" + }, + { + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613", + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613" + }, + { + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178", + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178" + }, + { + "url": "https://support.f5.com/csp/article/K13167034", + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K13167034" + }, + { + "url": "https://wiki.opendaylight.org/view/Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.opendaylight.org/view/Security_Advisories" + }, + { + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" + }, + { + "url": "https://www.exploit-db.com/exploits/42091/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/42091/" + }, + { + "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", + "refsource": "MISC", + "name": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" + }, + { + "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "refsource": "MISC", + "name": 
"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" + }, + { + "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "refsource": "MISC", + "name": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/" + }, + { + "url": "https://www.tenable.com/security/tns-2016-16", + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2016-16" + }, + { + "url": "https://www.tenable.com/security/tns-2016-21", + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2016-21" + }, + { + "url": "https://www.tenable.com/security/tns-2017-09", + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2017-09" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961" + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Ga\u00ebtan Leurent (Inria) and Karthikeyan Bhargavan (Inria) as the original reporters." 
+ } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "version": "2.0" + }, + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" } ] } diff --git a/2016/2xxx/CVE-2016-2857.json b/2016/2xxx/CVE-2016-2857.json index 5fdbe17874a..5d1a7278c9a 100644 --- a/2016/2xxx/CVE-2016-2857.json +++ b/2016/2xxx/CVE-2016-2857.json 
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-2857",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet."
+ "value": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service)."
 }
 ]
 },
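Review bot: The replacement `value` in this hunk no longer names `net_checksum_calculate` or `net/checksum.c`, which the removed description used to tie the record to the code that was fixed; the new text says only "a QEMU function". Anyone triaging a QEMU build now has to follow a reference to learn which routine is involved. I would keep the locator, for example by ending the second sentence with `(net_checksum_calculate in net/checksum.c)`. The CVE-2016-3072 description hunk further down drops `scoped_search` and `app/controllers/katello/api/v2/api_controller.rb` in the same way.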
@@ -44,93 +21,333 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Out-of-bounds Read", + "cweId": "CWE-125" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.491.el6_8.6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:1.5.3-126.el7_3.3", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.491.el6_8.7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "10:2.6.0-27.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "10:2.6.0-27.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "10:2.6.0-27.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", + "version": { + "version_data": [ + { + "version_value": "10:2.6.0-27.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", + "version": { + "version_data": [ + { + "version_value": "10:2.6.0-27.el7", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:2.6.0-28.el7_3.6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.491.el6_8.6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7", + "version": { + "version_data": [ + { + "version_value": "10:2.6.0-28.el7_3.6", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2017:0334", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html" + "url": "http://www.ubuntu.com/usn/USN-2974-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2974-1" }, { - "name": "RHSA-2016:2671", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "RHSA-2017:0083", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html" + "url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0309.html" }, { - "name": "[oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/03/03/9" + "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0334.html" }, { - "name": "RHSA-2016:2706", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html" + "url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html", + 
"refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0344.html" }, { - "name": "[oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/03/07/3" + "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0350.html" }, { - "name": "84130", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/84130" + "url": "https://access.redhat.com/errata/RHSA-2017:0309", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0309" }, { - "name": "RHSA-2017:0350", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html" + "url": "https://access.redhat.com/errata/RHSA-2017:0334", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0334" }, { - "name": "RHSA-2016:2705", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html" + "url": "https://access.redhat.com/errata/RHSA-2017:0344", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0344" }, { - "name": "USN-2974-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2974-1" + "url": "https://access.redhat.com/errata/RHSA-2017:0350", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0350" }, { - "name": "RHSA-2017:0309", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2670.html" }, { - "name": "RHSA-2016:2670", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2671.html" }, { - "name": "RHSA-2017:0344", - 
"refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2704.html" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2705.html" }, { - "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2706.html" }, { - "name": "RHSA-2016:2704", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html" + "url": "https://access.redhat.com/errata/RHSA-2016:2670", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2670" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:2671", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2671" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:2704", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2704" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:2705", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2705" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2016:2706", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2706" + }, + { + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b", + "refsource": "MISC", + "name": 
"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0083.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2016/03/03/9", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/03/03/9" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2016/03/07/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/03/07/3" + }, + { + "url": "http://www.securityfocus.com/bid/84130", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/84130" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:0083", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0083" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2016-2857", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-2857" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Ling Liu (Qihoo 360 Inc.) for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "ADJACENT_NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P", + "version": "2.0" + }, + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L", + "version": "3.0" } ] } diff --git a/2016/3xxx/CVE-2016-3070.json b/2016/3xxx/CVE-2016-3070.json index 615df054f74..1f5aa3e9cc1 100644 --- a/2016/3xxx/CVE-2016-3070.json +++ b/2016/3xxx/CVE-2016-3070.json 
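Review bot: The added reference `http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b` percent-encodes the `;` separators that the removed entry carried literally, in both `url` and `name`. gitweb-style query strings use `;` to separate `p`, `a` and `h`, so the encoded form will probably be read as one long project name and no longer open the fix commit. Restore the literal form from the removed line: `"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b"`. This list also rewrites every `refsource` to `MISC`, which drops the `CONFIRM` tag that marked that commit as the confirmed fix; the reference hunks for CVE-2016-3070 and CVE-2016-3072 do the same.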
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-3070",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move."
+ "value": "A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0."
 }
 ]
 },
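Review bot: The new `value` drops the "before 4.4" bound that the removed description carried, and the `affects` block added in the next hunk lists only Red Hat Enterprise Linux 7 builds, each with `"version_affected": "!"` (which, if I read the 4.0 schema correctly, marks a version as not affected). As far as this diff shows, nothing left in the record states which upstream kernels are affected. I would keep the bound in the text, e.g. open with `A flaw was found in the Linux kernel before 4.4 in which an attempt to move a page ...`. The "or possibly have unspecified other impact" clause is also gone; if that is intended, it is at least consistent with the added vector `AV:L/AC:M/Au:N/C:N/I:N/A:C`.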
@@ -44,88 +21,163 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.10.0-514.rt56.420.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.10.0-514.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-3035-3", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3035-3" + "url": "http://www.debian.org/security/2016/dsa-3607", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3607" }, { - "name": "USN-3035-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3035-1" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { - "name": "USN-3036-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3036-1" + "url": "https://access.redhat.com/errata/RHSA-2016:2574", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2574" }, { - "name": "RHSA-2016:2584", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + "url": "https://access.redhat.com/errata/RHSA-2016:2584", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:2584" }, { - "name": "USN-3035-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3035-2" + "url": 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743" }, { - "name": "RHSA-2016:2574", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + "url": "http://www.securityfocus.com/bid/90518", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/90518" }, { - "name": "https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743" + "url": "http://www.ubuntu.com/usn/USN-3034-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3034-1" }, { - "name": "USN-3037-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3037-1" + "url": "http://www.ubuntu.com/usn/USN-3034-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3034-2" }, { - "name": "DSA-3607", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3607" + "url": "http://www.ubuntu.com/usn/USN-3035-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3035-1" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-3070", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-3070" + "url": "http://www.ubuntu.com/usn/USN-3035-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3035-2" }, { - "name": "USN-3034-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3034-1" + "url": "http://www.ubuntu.com/usn/USN-3035-3", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3035-3" }, { - "name": "90518", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/90518" + "url": "http://www.ubuntu.com/usn/USN-3036-1", + "refsource": "MISC", + "name": 
"http://www.ubuntu.com/usn/USN-3036-1" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743" + "url": "http://www.ubuntu.com/usn/USN-3037-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3037-1" }, { - "name": "USN-3034-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-3034-2" + "url": "https://access.redhat.com/security/cve/CVE-2016-3070", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-3070" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846" + }, + { + "url": "https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2016-3070", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2016-3070" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Jan Stancek (Red Hat)." 
+ } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.7, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "version": "2.0" } ] } diff --git a/2016/3xxx/CVE-2016-3072.json b/2016/3xxx/CVE-2016-3072.json index 08616aa0829..1e7389860c0 100644 --- a/2016/3xxx/CVE-2016-3072.json +++ b/2016/3xxx/CVE-2016-3072.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-3072", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter." + "value": "An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database." } ] }, 
@@ -44,28 +21,83 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Satellite 6.1", + "version": { + "version_data": [ + { + "version_value": "0:2.2.0.86-1.el7sat", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:1083", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2016:1083" + "url": "https://access.redhat.com/errata/RHSA-2016:1083", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2016:1083" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322050", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322050" + "url": "https://access.redhat.com/security/cve/CVE-2016-3072", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2016-3072" }, { - "name": "https://github.com/Katello/katello/pull/6051", - "refsource": "CONFIRM", - "url": "https://github.com/Katello/katello/pull/6051" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322050", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322050" + }, + { + "url": "https://github.com/Katello/katello/pull/6051", + "refsource": "MISC", + "name": "https://github.com/Katello/katello/pull/6051" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 6.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + 
"integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "version": "2.0" } ] } diff --git a/2018/14xxx/CVE-2018-14623.json b/2018/14xxx/CVE-2018-14623.json index 19a7f8b589d..660c2cda38f 100644 --- a/2018/14xxx/CVE-2018-14623.json +++ b/2018/14xxx/CVE-2018-14623.json 
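Review bot: The added `affects` block lists only `"version_value": "0:2.2.0.86-1.el7sat"` with `"version_affected": "!"`, which as I read the CVE JSON 4.0 schema marks a version as not affected, so the record names no affected version and gives no package name for the build string. A consumer that matches on `version_value` and ignores `version_affected` would treat the fixed build as the vulnerable one. If that build is the first fixed one, an entry with `"version_affected": "<"` and the same `version_value` states the affected range directly, and the package name belongs in `product_name` or in the version string. The same pattern appears in the `affects` blocks added for CVE-2018-14623, CVE-2018-14649, CVE-2018-14650, CVE-2018-14654 and CVE-2018-14660.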
@@ -1,84 +1,363 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14623", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "katello", - "version": { - "version_data": [ - { - "version_value": "3.10 and older" - } - ] - } - } - ] - }, - "vendor_name": "The Foreman Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable." + "value": "A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs." } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-89" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-209" + "value": "Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Satellite 6.3 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2.1.14-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.15.6.34-1.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:201801241201-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.4.4-1", + "version_affected": "!" + }, + { + "version_value": "1:1.15.6.8-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.15.6.4-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.15.6.2-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.4.5-15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.4.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.4.5.26-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.0.2-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.13.4.6-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.4.1-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.2.1.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.13.4-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.13.4.8-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.16-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.5-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.9-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.2-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.6-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.2.1-1.fm1_15.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.0.4-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.9-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.10-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.9-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.0-1.git.0.b5c2768.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:6.3.0-23.0.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:6.3.0.12-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:5.1.1.4-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:10.0.2.2-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:9.1.5.3-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.0.3-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.14-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.11-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.13-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.7.2-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.6-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.6.4-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.8-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:5.0.1-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.4.16-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.9-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.11.0.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.11.0.5-1.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.0.8-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3.3-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.5-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.12-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.11.3.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.4.5.58-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-1.fm1_15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.10-1.fm1_15.el7sat", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623" + "url": "https://access.redhat.com/errata/RHSA-2018:0336", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0336" }, { - "name": "106224", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106224" + "url": "http://www.securityfocus.com/bid/106224", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/106224" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2018-14623", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-14623" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1623719" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623", + "refsource": "MISC", + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Mohamed Tehami for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" } ] } diff --git a/2018/14xxx/CVE-2018-14649.json b/2018/14xxx/CVE-2018-14649.json index a3929701ea0..f1f0d3ac610 100644 --- a/2018/14xxx/CVE-2018-14649.json +++ b/2018/14xxx/CVE-2018-14649.json 
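Review bot: The `problemtype` now carries only CWE-209, although the description kept in this hunk still opens with "A SQL injection flaw"; CWE-209 covers the error-message leak, while the removed CWE-89 entry named the root cause. I would keep both by adding a second description entry, `"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89"`. The rewrite also drops the sentence linking this issue to an incomplete fix for CVE-2016-3072 and the upstream range "3.10 and older", so a katello user outside Red Hat Satellite can no longer tell from the record whether they are affected; the long list of bare build strings under one product does not replace that. The upstream version wording is likewise removed from the descriptions in the CVE-2018-14654 and CVE-2018-14660 hunks.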
@@ -1,101 +1,138 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14649", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ceph-iscsi-cli", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions." + "value": "It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges." 
} ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-77" + "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:2.0-7.el7cp", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Ceph Storage 3.1", + "version": { + "version_data": [ + { + "version_value": "0:2.7-7.el7cp", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://access.redhat.com/articles/3623521", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/articles/3623521" + "url": "http://www.securityfocus.com/bid/105434", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/105434" }, { - "name": "105434", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105434" + "url": "https://access.redhat.com/articles/3623521", + "refsource": "MISC", + "name": "https://access.redhat.com/articles/3623521" }, { - "name": "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b", - "refsource": "CONFIRM", - "url": "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b" + "url": "https://access.redhat.com/errata/RHSA-2018:2837", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:2837" }, { - "name": "https://github.com/ceph/ceph-iscsi-cli/issues/120", - "refsource": "CONFIRM", - "url": "https://github.com/ceph/ceph-iscsi-cli/issues/120" + "url": 
"https://access.redhat.com/errata/RHSA-2018:2838", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:2838" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649" + "url": "https://access.redhat.com/security/cve/CVE-2018-14649", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-14649" }, { - "name": "RHSA-2018:2838", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2838" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632078", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1632078" }, { - "name": "RHSA-2018:2837", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2837" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649" + }, + { + "url": "https://github.com/ceph/ceph-iscsi-cli/issues/120", + "refsource": "MISC", + "name": "https://github.com/ceph/ceph-iscsi-cli/issues/120" + }, + { + "url": "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b", + "refsource": "MISC", + "name": "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "To stop werkzeug debug mode started by rbd-target-api which is provided by ceph-iscsi-cli:\n\n1. ~]# systemctl stop rbd-target-api\n\n2. 
~]# vi /usr/bin/rbd-target-api\n\n# Start the API server\n...\n737 app.run(host='0.0.0.0',\n738 port=settings.config.api_port,\n739 debug=True, <==== change this to debug=False\n use_evalex=False, <=== add this line to disable debugger code execution\n740 use_reloader=False,\n741 ssl_context=context)\n...\n\nafter changes it should be\n\n# Start the API server\n...\n737 app.run(host='0.0.0.0',\n738 port=settings.config.api_port,\n739 debug=False, \n use_evalex=False,\n740 use_reloader=False,\n741 ssl_context=context)\n...\n\n3. ~]# systemctl start rbd-target-api\n\n4. Limit exposure of port 5000/tcp: This port should be opened to trusted hosts which require to run 'gwcli'." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" } ] } diff --git a/2018/14xxx/CVE-2018-14650.json b/2018/14xxx/CVE-2018-14650.json index 3d1c7f573ee..845fd3cfaf7 100644 --- a/2018/14xxx/CVE-2018-14650.json +++ b/2018/14xxx/CVE-2018-14650.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14650", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "sos-collector", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
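Review bot: Step 4 of the added `work_around` says "This port should be opened to trusted hosts", which can be read as an instruction to open the port rather than to restrict it, and the snippet leaves `host='0.0.0.0'` unchanged, so the API still listens on every interface after the edit. I would reword step 4 to `4. Restrict 5000/tcp so that only the trusted hosts that need to run 'gwcli' can reach it.` The quoted line numbers 737-741 are tied to one build of `/usr/bin/rbd-target-api` that the text does not name; naming the package version, or telling the reader to search for `app.run(`, would keep the steps usable on other builds. The new description also drops the statement that the service runs with root permissions, which is useful context for the 9.8 score when a reader sees only this record.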
@@ -38,44 +15,93 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-732" + "value": "Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:1.5-3.el7_6", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed", - "refsource": "CONFIRM", - "url": "https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed" + "url": "https://access.redhat.com/errata/RHSA-2018:3663", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3663" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650" + "url": "https://access.redhat.com/security/cve/CVE-2018-14650", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-14650" }, { - "name": "RHSA-2018:3663", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3663" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633243", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1633243" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650" + }, + { + "url": "https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed", + "refsource": "MISC", + "name": 
"https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Riccardo Schirone (Red Hat Product Security)." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" } ] } diff --git a/2018/14xxx/CVE-2018-14654.json b/2018/14xxx/CVE-2018-14654.json index 0a7aafaa9bf..25500d8fdcf 100644 --- a/2018/14xxx/CVE-2018-14654.json +++ b/2018/14xxx/CVE-2018-14654.json 
@@ -1,96 +1,186 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14654", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "glusterfs", - "version": { - "version_data": [ - { - "version_value": "through 4.1.4" - } - ] - } - } - ] - }, - "vendor_name": "The Gluster Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server." + "value": "A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node." } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-22" + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Native Client for RHEL 6 for Red Hat Storage", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el6", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Native Client for RHEL 7 for Red Hat Storage", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el6rhs", + "version_affected": "!" + }, + { + "version_value": "0:3.4.1.0-1.el6rhs", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7rhgs", + "version_affected": "!" + }, + { + "version_value": "0:3.4.1.0-1.el7rhgs", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.29-1.el7ev", + "version_affected": "!" + }, + { + "version_value": "0:4.2-7.3.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.2-20181026.0.el7_6", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654" + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" }, { - "name": "RHSA-2018:3431", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3431" + "url": "https://security.gentoo.org/glsa/201904-06", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201904-06" }, { - "name": "RHSA-2018:3432", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3432" + "url": "https://access.redhat.com/errata/RHSA-2018:3431", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3431" }, { - "name": "RHSA-2018:3470", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3470" + "url": "https://access.redhat.com/errata/RHSA-2018:3432", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3432" }, { - "refsource": "GENTOO", - "name": "GLSA-201904-06", - "url": "https://security.gentoo.org/glsa/201904-06" + "url": "https://access.redhat.com/errata/RHSA-2018:3470", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3470" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" + "url": "https://access.redhat.com/security/cve/CVE-2018-14654", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-14654" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631576", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1631576" + }, + { + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.0" } ] } diff --git a/2018/14xxx/CVE-2018-14660.json b/2018/14xxx/CVE-2018-14660.json index fe63b3959da..e3b1ae2220d 100644 --- a/2018/14xxx/CVE-2018-14660.json +++ b/2018/14xxx/CVE-2018-14660.json 
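Review bot: Every reference in this hunk is rewritten to `"refsource": "MISC"` with `name` set to the URL, which discards the advisory identifiers the old entries carried (`GLSA-201904-06`, `RHSA-2018:3431`, the `[DLA 2806-1]` list subject) and the CONFIRM marking on the vendor bug. Tools that key on `refsource` to find vendor-confirmed fixes, or on `name` to match advisory IDs, lose those matches. I would keep the identifier in `name` where one exists, for example `"name": "RHSA-2018:3431", "refsource": "REDHAT"`. The same rewrite is applied to the reference lists in the CVE-2016-3072, CVE-2018-14623, CVE-2018-14649, CVE-2018-14650 and CVE-2018-14660 hunks.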
@@ -1,99 +1,186 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14660", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "glusterfs", - "version": { - "version_data": [ - { - "version_value": "affected versions through 4.1.4" - }, - { - "version_value": "affected versions through 3.1.2" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node." + "value": "A flaw was found in glusterfs server which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node." } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-400" + "value": "Uncontrolled Resource Consumption", + "cweId": "CWE-400" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Native Client for RHEL 6 for Red Hat Storage", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el6", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Native Client for RHEL 7 for Red Hat Storage", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el6rhs", + "version_affected": "!" + }, + { + "version_value": "0:3.4.1.0-1.el6rhs", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7rhgs", + "version_affected": "!" + }, + { + "version_value": "0:3.4.1.0-1.el7rhgs", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.29-1.el7ev", + "version_affected": "!" + }, + { + "version_value": "0:4.2-7.3.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.2-20181026.0.el7_6", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2018:3431", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3431" + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660" + "url": "https://security.gentoo.org/glsa/201904-06", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201904-06" }, { - "name": "RHSA-2018:3432", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3432" + "url": "https://access.redhat.com/errata/RHSA-2018:3431", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3431" }, { - "name": "RHSA-2018:3470", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3470" + "url": "https://access.redhat.com/errata/RHSA-2018:3432", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3432" }, { - "refsource": "GENTOO", - "name": "GLSA-201904-06", - "url": "https://security.gentoo.org/glsa/201904-06" + "url": "https://access.redhat.com/errata/RHSA-2018:3470", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3470" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" + "url": "https://access.redhat.com/security/cve/CVE-2018-14660", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-14660" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635926", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1635926" + }, + { + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } ] } diff --git a/2018/14xxx/CVE-2018-14661.json b/2018/14xxx/CVE-2018-14661.json index 07591b99194..b205a6adf4f 100644 --- a/2018/14xxx/CVE-2018-14661.json +++ b/2018/14xxx/CVE-2018-14661.json 
@@ -1,101 +1,191 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14661", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "glusterfs-server", - "version": { - "version_data": [ - { - "version_value": "3.8.4" - } - ] - } - } - ] - }, - "vendor_name": "The Gluster Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service." + "value": "It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service." } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-20" + "value": "Improper Input Validation", + "cweId": "CWE-20" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Native Client for RHEL 6 for Red Hat Storage", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Native Client for RHEL 7 for Red Hat Storage", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el6rhs", + "version_affected": "!" + }, + { + "version_value": "0:3.4.1.0-1.el6rhs", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7rhgs", + "version_affected": "!" + }, + { + "version_value": "0:3.4.1.0-1.el7rhgs", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.12.2-25.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.29-1.el7ev", + "version_affected": "!" + }, + { + "version_value": "0:4.2-7.3.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.2-20181026.0.el7_6", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2018:3431", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3431" + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661" + "url": "https://security.gentoo.org/glsa/201904-06", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201904-06" }, { - "name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html" + "url": "https://access.redhat.com/errata/RHSA-2018:3431", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3431" }, { - "name": 
"RHSA-2018:3432", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3432" + "url": "https://access.redhat.com/errata/RHSA-2018:3432", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3432" }, { - "name": "RHSA-2018:3470", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3470" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html" }, { - "refsource": "GENTOO", - "name": "GLSA-201904-06", - "url": "https://security.gentoo.org/glsa/201904-06" + "url": "https://access.redhat.com/errata/RHSA-2018:3470", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3470" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" + "url": "https://access.redhat.com/security/cve/CVE-2018-14661", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-14661" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636880", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1636880" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } ] } diff --git a/2018/16xxx/CVE-2018-16838.json b/2018/16xxx/CVE-2018-16838.json index 8e09b29ec6b..26e449dfd72 100644 --- a/2018/16xxx/CVE-2018-16838.json +++ b/2018/16xxx/CVE-2018-16838.json 
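Review bot: After this change the CVE-2018-14661 record no longer names any affected version. The removed `affects` entry listed `glusterfs-server` `3.8.4` from The Gluster Project, while every added `version_data` entry carries `"version_affected": "!"`, which as I read the CVE JSON 4.0 format marks the listed build as not affected; the new description also drops "3.8.4, as shipped with Red Hat Gluster Storage". A scanner that matches on `affects` would then see only fixed Red Hat package builds and nothing for upstream glusterfs. I would keep the upstream entry next to the Red Hat products, e.g. `"product_name": "glusterfs-server"` with `"version_value": "3.8.4"` and `"version_affected": "="`. The same loss occurs in the CVE-2018-16864 and CVE-2018-16865 hunks (systemd "through v240") and in the CVE-2018-16871 hunk at `-15,11` (kernel "all 3.x, all 4.x up to 4.20").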
@@ -1,25 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-16838", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "[UNKNOWN]", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "sssd", + "product_name": "Red Hat Enterprise Linux 7", "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "0:1.16.4-21.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "0:2.2.0-19.el8", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:1.1.9-0.1.el7ev", + "version_affected": "!" + }, + { + "version_value": "0:4.3.5-0.20190717.0.el7ev", + "version_affected": "!" + }, + { + "version_value": "0:4.3.5-2.el7ev", + "version_affected": "!" + }, + { + "version_value": "0:4.3.5-20190722.0.el7_7", + "version_affected": "!" } ] } 
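Review bot: The added `description` value is only a tracker title, `CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions`, and it does not state the security effect. The second hunk of this file removes the sentence that did: when the GPO is not readable by SSSD, SSSD allows all authenticated users to log in instead of denying access. That fail-open behaviour is what a reader needs to judge exposure, and it cannot be recovered from the title or from the added `Improper Access Control` label. I would restore the removed sentence verbatim as the `value` here, keeping the title out of the description.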
@@ -30,68 +86,66 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284" - } - ] - } - ] - }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2019:2177", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:2177" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2437", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:2437" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:3651", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:3651" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2018-16838", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-16838" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820" + }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838", - "refsource": "CONFIRM" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1576", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1589", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2019:2177", - "url": "https://access.redhat.com/errata/RHSA-2019:2177" - }, - { - 
"refsource": "REDHAT", - "name": "RHSA-2019:2437", - "url": "https://access.redhat.com/errata/RHSA-2019:2437" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2019:3651", - "url": "https://access.redhat.com/errata/RHSA-2019:3651" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access." + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838" } ] }, "impact": { "cvss": [ - [ - { - "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version": "3.0" - } - ] + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } ] } } \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16864.json b/2018/16xxx/CVE-2018-16864.json index 492ce00d06a..3ff8f29ea04 100644 --- a/2018/16xxx/CVE-2018-16864.json +++ b/2018/16xxx/CVE-2018-16864.json 
@@ -1,151 +1,257 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16864", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "systemd", - "version": { - "version_data": [ - { - "version_value": "through v240" - } - ] - } - } - ] - }, - "vendor_name": "The systemd Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable." + "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges." } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "7.4/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-770" + "value": "Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:219-62.el7_6.2", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-30.el7_3.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-30.el7_3.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "0:219-30.el7_3.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-42.el7_4.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-57.el7_5.5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:4.2-8.1.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.2-20190129.0.el7_6", + "version_affected": "!" + }, + { + "version_value": "0:4.2-20190129.0.el7", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ - { - "name": "106523", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106523" - }, - { - "name": "RHSA-2019:0342", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0342" - }, - { - "name": "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html" - }, - { - "name": "DSA-4367", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2019/dsa-4367" - }, - { - "name": "RHSA-2019:0204", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0204" - }, - { - "name": "https://security.netapp.com/advisory/ntap-20190117-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190117-0001/" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864" - }, - { - "name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt", - "refsource": "MISC", - "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - }, - { - "name": "USN-3855-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3855-1/" - }, - { - "name": "RHSA-2019:0049", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0049" - }, - { - "name": "RHSA-2019:0271", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0271" - }, - { - "name": "RHSA-2019:0361", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0361" - }, - { - "name": "GLSA-201903-07", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201903-07" - }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0327", - "url": "https://access.redhat.com/errata/RHBA-2019:0327" + "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/07/20/2" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2402", - "url": "https://access.redhat.com/errata/RHSA-2019:2402" + "url": "https://security.gentoo.org/glsa/201903-07", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201903-07" }, { - "refsource": "MLIST", - "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", - "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2" + "url": "https://security.netapp.com/advisory/ntap-20190117-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20190117-0001/" + }, + { + "url": "https://usn.ubuntu.com/3855-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3855-1/" + }, + { + "url": "https://www.debian.org/security/2019/dsa-4367", + "refsource": "MISC", + "name": "https://www.debian.org/security/2019/dsa-4367" + }, + { + "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt", + "refsource": "MISC", + "name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" + }, + { + "url": "http://www.securityfocus.com/bid/106523", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/106523" + }, + { + "url": "https://access.redhat.com/errata/RHBA-2019:0327", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHBA-2019:0327" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0049", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0049" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0204", + "refsource": "MISC", + "name": 
"https://access.redhat.com/errata/RHSA-2019:0204" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0271", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0271" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0342", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0342" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0361", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0361" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2402", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:2402" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2018-16864", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-16864" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653855", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1653855" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "To increase the time an attacker needs to exploit this flaw you could override the `StartLimitInterval=` (called StartLimitIntervalSec in newer systemd versions) and `StartLimitBurst=` settings. In this way the attack may require much longer to be successful.\n\nTo edit the journald service use `sudo systemctl edit systemd-journald.service` and add:\n```\n[Service]\nStartLimitInterval=120\nStartLimitBurst=3\n```" + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Qualys Research Labs for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" } ] } diff --git a/2018/16xxx/CVE-2018-16865.json b/2018/16xxx/CVE-2018-16865.json index cfa290d6579..a282fc22fac 100644 --- a/2018/16xxx/CVE-2018-16865.json +++ b/2018/16xxx/CVE-2018-16865.json 
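Review bot: The reference to `http://www.openwall.com/lists/oss-security/2021/07/20/2` loses the label showing that it concerns a different issue. The removed entry was named `[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)`, and the added one repeats the URL as `name` with `"refsource": "MISC"`. With every reference in this hunk flattened to `MISC`, a consumer can no longer tell vendor advisories (previously `REDHAT`, `DEBIAN`, `UBUNTU`, `GENTOO`) from third-party write-ups, or see that this link is about CVE-2021-33910 rather than this CVE. I would keep the original `name` and `refsource` on the entries that had them. The CVE-2018-16865 hunk carries the same entry and also relabels its Packet Storm, Bugtraq and Full Disclosure links as `MISC`.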
@@ -1,171 +1,271 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16865", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "systemd", - "version": { - "version_data": [ - { - "version_value": "through v240" - } - ] - } - } - ] - }, - "vendor_name": "The systemd Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable." + "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges." 
} ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-770" + "value": "Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:219-62.el7_6.2", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-30.el7_3.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-30.el7_3.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "0:219-30.el7_3.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-42.el7_4.13", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:219-57.el7_5.5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:4.2-8.1.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.2-20190129.0.el7_6", + "version_affected": "!" + }, + { + "version_value": "0:4.2-20190129.0.el7", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ - { - "name": "RHSA-2019:0342", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0342" - }, - { - "name": "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html" - }, - { - "name": "106525", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106525" - }, - { - "name": "DSA-4367", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2019/dsa-4367" - }, - { - "name": "RHSA-2019:0204", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0204" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865" - }, - { - "name": "https://security.netapp.com/advisory/ntap-20190117-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190117-0001/" - }, - { - "name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt", - "refsource": "MISC", - "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - }, - { - "name": "USN-3855-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3855-1/" - }, - { - "name": "RHSA-2019:0049", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0049" - }, - { - "name": "RHSA-2019:0271", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0271" - }, - { - "name": "RHSA-2019:0361", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0361" - }, - { - "name": "GLSA-201903-07", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201903-07" - }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0327", - "url": "https://access.redhat.com/errata/RHBA-2019:0327" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit", - "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4" - }, - { - "refsource": "BUGTRAQ", - "name": "20190513 Re: System Down: A systemd-journald exploit", - "url": "https://seclists.org/bugtraq/2019/May/25" - }, - { + "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2", "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html" + "name": "http://www.openwall.com/lists/oss-security/2021/07/20/2" }, { - "refsource": "FULLDISC", - "name": "20190513 Re: System Down: A systemd-journald exploit", - "url": "http://seclists.org/fulldisclosure/2019/May/21" + "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2402", - "url": "https://access.redhat.com/errata/RHSA-2019:2402" + "url": "http://seclists.org/fulldisclosure/2019/May/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/May/21" }, { - "refsource": "MLIST", - "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", - "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2" + "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/05/10/4" + }, + { + "url": "https://seclists.org/bugtraq/2019/May/25", + "refsource": "MISC", + "name": 
"https://seclists.org/bugtraq/2019/May/25" + }, + { + "url": "https://security.gentoo.org/glsa/201903-07", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201903-07" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20190117-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20190117-0001/" + }, + { + "url": "https://usn.ubuntu.com/3855-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3855-1/" + }, + { + "url": "https://www.debian.org/security/2019/dsa-4367", + "refsource": "MISC", + "name": "https://www.debian.org/security/2019/dsa-4367" + }, + { + "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt", + "refsource": "MISC", + "name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" + }, + { + "url": "https://access.redhat.com/errata/RHBA-2019:0327", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHBA-2019:0327" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0049", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0049" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0204", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0204" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0271", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0271" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0342", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0342" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:0361", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0361" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2402", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:2402" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", + "refsource": "MISC", + "name": 
"https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html" + }, + { + "url": "http://www.securityfocus.com/bid/106525", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/106525" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2018-16865", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2018-16865" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653861", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1653861" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Qualys Research Labs for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" } ] } diff --git a/2018/16xxx/CVE-2018-16871.json b/2018/16xxx/CVE-2018-16871.json index 0daacf2c863..d67a935e87d 100644 --- a/2018/16xxx/CVE-2018-16871.json +++ b/2018/16xxx/CVE-2018-16871.json 
@@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-16871", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,11 +36,57 @@ "product": { "product_data": [ { - "product_name": "kernel:", + "product_name": "Red Hat Enterprise Linux 7", "version": { "version_data": [ { - "version_value": "all 3.x, all 4.x up to 4.20" + "version_value": "0:3.10.0-957.27.2.rt56.940.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.10.0-957.27.2.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.14.0-115.18.1.el7a", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:3.10.0-693.58.1.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "0:4.18.0-193.rt13.51.el8", + "version_affected": "!" + }, + { + "version_value": "0:4.18.0-193.el8", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise MRG 2", + "version": { + "version_data": [ + { + "version_value": "1:3.10.0-693.58.1.rt56.652.el6rt", + "version_affected": "!" } ] } 
@@ -30,73 +97,97 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-476"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:1873",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:1873"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:1891",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:1891"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:2696",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:2696"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:2730",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:2730"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2020:0740",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2020:0740"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2020:1567",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2020:1567"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2020:1769",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2020:1769"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2018-16871",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2018-16871"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655162",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1655162"
+ },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871",
- "refsource": "CONFIRM"
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2696",
- "url": "https://access.redhat.com/errata/RHSA-2019:2696"
+ "url": "https://security.netapp.com/advisory/ntap-20211004-0002/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20211004-0002/"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2730",
- "url": "https://access.redhat.com/errata/RHSA-2019:2730"
+ "url": "https://support.f5.com/csp/article/K18657134",
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K18657134"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://support.f5.com/csp/article/K18657134",
- "url": "https://support.f5.com/csp/article/K18657134"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS",
- "url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS"
- },
- {
- "refsource": "REDHAT",
- "name": "RHSA-2020:0740",
- "url": "https://access.redhat.com/errata/RHSA-2020:0740"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20211004-0002/",
- "url": "https://security.netapp.com/advisory/ntap-20211004-0002/"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost."
+ "url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS",
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS"
 }
 ]
 },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Hangbin Liu (Red Hat) and Jasu Liedes (Synopsys SIG)."
+ }
+ ],
 "impact": {
 "cvss": [
- [
- {
- "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
- }
- ]
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
 ]
 }
 }
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16885.json b/2018/16xxx/CVE-2018-16885.json
index 77c4f82af04..f68a9815f19 100644
--- a/2018/16xxx/CVE-2018-16885.json
+++ b/2018/16xxx/CVE-2018-16885.json
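Review bot: The last F5 reference in the CVE-2018-16871 `references` hunk now reads `&%3Butm_medium=RSS` in both `url` and `name`, which looks like an HTML-escaped `&amp;` whose `;` was percent-encoded rather than decoded; the removed lines had `&utm_medium=RSS`. The entry only adds tracking parameters to the clean `https://support.f5.com/csp/article/K18657134` reference directly above it, so I would drop it or restore the original query string. Separately, every `refsource` in this hunk becomes `MISC`, which loses the `CONFIRM`/`REDHAT` distinction that consumers may rely on to pick out vendor advisories.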
@@ -1,86 +1,116 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2018-16885",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "kernel",
- "version": {
- "version_data": [
- {
- "version_value": "3.10.x as shipped with Red Hat Enterprise Linux 7"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "The Linux Foundation"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7."
+ "value": "A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid memory address."
 }
 ]
 },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
- }
- ]
- ]
- },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-125"
+ "value": "Out-of-bounds Read",
+ "cweId": "CWE-125"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:3.10.0-1062.rt56.1022.el7",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.10.0-1062.el7",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885"
+ "url": "https://access.redhat.com/errata/RHSA-2019:2029",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:2029"
 },
 {
- "name": "106296",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/106296"
+ "url": "https://access.redhat.com/errata/RHSA-2019:2043",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2019:2043"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2043",
- "url": "https://access.redhat.com/errata/RHSA-2019:2043"
+ "url": "http://www.securityfocus.com/bid/106296",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/106296"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2029",
- "url": "https://access.redhat.com/errata/RHSA-2019:2029"
+ "url": "https://access.redhat.com/security/cve/CVE-2018-16885",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2018-16885"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661503",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1661503"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Paolo Abeni (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
 }
 ]
 }
diff --git a/2023/23xxx/CVE-2023-23110.json b/2023/23xxx/CVE-2023-23110.json
index 6c8baae98b0..9d31d80c0be 100644
--- a/2023/23xxx/CVE-2023-23110.json
+++ b/2023/23xxx/CVE-2023-23110.json
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2023-23110",
+ "ASSIGNER": "cve@mitre.org",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier."
+ "value": "An exploitable firmware modification vulnerability was discovered in WNR612v2 Wireless Routers firmware version 1.0.0.3 and earlier. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification."
 }
 ]
 },
@@ -50,6 +27,30 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a",
+ "version_affected": "?"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
@@ -58,49 +59,9 @@
 "name": "https://www.netgear.com/about/security/"
 },
 {
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SJCGkb-9o",
+ "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o",
 "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SJCGkb-9o"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/r1Z4BX-5i",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/r1Z4BX-5i"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/H1lIcXbco",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/H1lIcXbco"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/ryjVZz-5s",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/ryjVZz-5s"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1t47Ebqj",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1t47Ebqj"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1BNhbWqi",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1BNhbWqi"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HyZRxmb9s",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HyZRxmb9s"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BkBPIeGco",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BkBPIeGco"
- },
- {
- "refsource": "MISC",
- "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1qWglM5o",
- "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1qWglM5o"
+ "name": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o"
 }
 ]
 }
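Review bot: The `affects` block added in the `@@ -50,6 +27,30 @@` hunk gives vendor, product and version as `n/a` with `"version_affected": "?"`, while the rewritten description in the first hunk limits the issue to WNR612v2 Wireless Routers firmware 1.0.0.3 and earlier. Structured matching on this record cannot find the product, so the block should carry `"vendor_name": "Netgear"`, `"product_name": "WNR612v2"` and a `"version_affected": "<="` entry for `1.0.0.3`. The following hunk also removes eight write-up references, and the description no longer names the other eight models; if those were moved to separate CVE ids (not visible here), a pointer to them would help anyone still tracking those devices.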
diff --git a/2023/24xxx/CVE-2023-24574.json b/2023/24xxx/CVE-2023-24574.json
index f684c176e6e..83af5471060 100644
--- a/2023/24xxx/CVE-2023-24574.json
+++ b/2023/24xxx/CVE-2023-24574.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-24574",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an \"Uncontrolled Resource Consumption vulnerability\" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Enterprise SONiC OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
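Review bot: The `affects` entry for Enterprise SONiC OS gives `"version_value": "0"` with `"version_affected": "="`, which states that the only affected version is `0`, while the description names 3.5.3, 4.0.0, 4.0.1 and 4.0.2. A consumer matching on the structured data would not flag any of those releases. The `version_data` array should list them explicitly, with one object per release such as `{"version_value": "3.5.3", "version_affected": "="}`.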