"-Synchronized-Data."

CVE Team 2023-02-02 16:00:48 +00:00
parent f6aed1d65f
commit 96e2ab4470
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 3110 additions and 1430 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3480",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified \"related functions\" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow."
"value": "CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines"
}
]
},
@ -44,93 +21,195 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.5-81.el5_8.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.80.el6_3.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.3-20120926.0.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/13/4"
},
{
"name": "FEDORA-2012-11927",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html"
},
{
"name": "84710",
"refsource": "OSVDB",
"url": "http://osvdb.org/84710"
},
{
"name": "54982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54982"
},
{
"name": "[oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/13/6"
},
{
"name": "RHSA-2012:1325",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1325.html"
},
{
"name": "[libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459)",
"refsource": "MLIST",
"url": "http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html"
},
{
"name": "http://sourceware.org/bugzilla/show_bug.cgi?id=14459",
"url": "http://www.ubuntu.com/usn/USN-1589-1",
"refsource": "MISC",
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=14459"
"name": "http://www.ubuntu.com/usn/USN-1589-1"
},
{
"name": "RHSA-2012:1262",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1262.html"
"url": "https://security.gentoo.org/glsa/201503-04",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "GLSA-201503-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-04"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1262.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1262.html"
},
{
"name": "RHSA-2012:1207",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1207.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1325.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1325.html"
},
{
"name": "1027374",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027374"
"url": "https://access.redhat.com/errata/RHSA-2012:1262",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1262"
},
{
"name": "USN-1589-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1589-1"
"url": "https://access.redhat.com/errata/RHSA-2012:1325",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1325"
},
{
"name": "50201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50201"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html"
},
{
"name": "50422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50422"
"url": "http://osvdb.org/84710",
"refsource": "MISC",
"name": "http://osvdb.org/84710"
},
{
"name": "RHSA-2012:1208",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1208.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1207.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1207.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-1208.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1208.html"
},
{
"url": "http://secunia.com/advisories/50201",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50201"
},
{
"url": "http://secunia.com/advisories/50422",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50422"
},
{
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=14459",
"refsource": "MISC",
"name": "http://sourceware.org/bugzilla/show_bug.cgi?id=14459"
},
{
"url": "http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html",
"refsource": "MISC",
"name": "http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/08/13/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/13/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/08/13/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/13/6"
},
{
"url": "http://www.securityfocus.com/bid/54982",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/54982"
},
{
"url": "http://www.securitytracker.com/id?1027374",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027374"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1207",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1207"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1208",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1208"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3480",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3480"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=847715",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=847715"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
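Review bot: The `description_data` entry for CVE-2012-3480 now appears to carry only the tracker title (`CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines`) in place of the full sentence, which drops the affected function list, the glibc 2.16 version and the stated impact (local denial of service, possible code execution). Which of the two `value` lines is the new side is inferred from print order, since the +/- markers are lost on this page. Consumers that triage from the description text lose what they need to judge exposure, so I would keep the prose sentence as `value` and leave the title to the references. The same replacement shows in the CVE-2012-3511, CVE-2012-4447 and CVE-2012-4456 sections.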


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3511",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call."
"value": "CVE-2012-3511 kernel: mm: use-after-free in madvise_remove()"
}
]
},
@ -44,78 +21,170 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-348.18.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-279.14.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.2.33-rt50.66.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-1572-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1572-1"
"url": "http://ubuntu.com/usn/usn-1529-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1529-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
},
{
"name": "50732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50732"
"url": "http://secunia.com/advisories/50633",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50633"
},
{
"name": "USN-1567-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1567-1"
"url": "http://www.ubuntu.com/usn/USN-1567-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name": "USN-1577-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1577-1"
"url": "http://secunia.com/advisories/50732",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50732"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
"url": "http://www.ubuntu.com/usn/USN-1572-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1572-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849734",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849734"
"url": "http://www.ubuntu.com/usn/USN-1577-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1577-1"
},
{
"name": "https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
"url": "https://access.redhat.com/errata/RHSA-2012:1491",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1491"
},
{
"name": "USN-1529-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1529-1"
"url": "https://access.redhat.com/errata/RHSA-2012:1426",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1426"
},
{
"name": "[oss-security] 20120820 Re: CVE Request -- kernel: mm: use-after-free in madvise_remove()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/13"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
},
{
"name": "55151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55151"
"url": "http://secunia.com/advisories/55055",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55055"
},
{
"name": "50633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50633"
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/20/13"
},
{
"name": "55055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55055"
"url": "http://www.securityfocus.com/bid/55151",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55151"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1292",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1292"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3511",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3511"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849734",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849734"
},
{
"url": "https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
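Review bot: The rewritten git.kernel.org entry in `reference_data` percent-encodes the gitweb parameter separators (`linux-2.6.git%3Ba=commit%3Bh=...`), so `a` and `h` are no longer separate query parameters and the link to the fix commit probably no longer resolves. The earlier form of the same reference used literal `;`. I would keep `"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb"` with the matching `name`, since this is one of the two pointers to the actual patch for the madvise_remove use-after-free.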


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4447",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format."
"value": "CVE-2012-4447 libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression"
}
]
},
@ -44,68 +21,139 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.8.2-18.el5_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.9.4-9.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "51049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51049"
},
{
"name": "DSA-2561",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2561"
},
{
"name": "[oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/25/9"
},
{
"name": "USN-1631-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1631-1"
},
{
"name": "http://www.remotesensing.org/libtiff/v4.0.3.html",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html",
"refsource": "MISC",
"url": "http://www.remotesensing.org/libtiff/v4.0.3.html"
"name": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
},
{
"name": "49938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49938"
},
{
"name": "openSUSE-SU-2013:0187",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
},
{
"name": "[oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/25/14"
},
{
"name": "55673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55673"
},
{
"name": "RHSA-2012:1590",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=860198",
"url": "http://secunia.com/advisories/49938",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860198"
"name": "http://secunia.com/advisories/49938"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1590",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1590"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
},
{
"url": "http://www.ubuntu.com/usn/USN-1631-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1631-1"
},
{
"url": "http://secunia.com/advisories/51049",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51049"
},
{
"url": "http://www.debian.org/security/2012/dsa-2561",
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2561"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/09/25/14",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/25/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/09/25/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/25/9"
},
{
"url": "http://www.remotesensing.org/libtiff/v4.0.3.html",
"refsource": "MISC",
"name": "http://www.remotesensing.org/libtiff/v4.0.3.html"
},
{
"url": "http://www.securityfocus.com/bid/55673",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55673"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-4447",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4447"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860198",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=860198"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
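Review bot: Every entry in `reference_data` for CVE-2012-4447 appears to end up with `"refsource": "MISC"` and the URL repeated as `name`, so the advisory identifiers that were carried in `name` (`DSA-2561`, `USN-1631-1`, `RHSA-2012:1590`, `openSUSE-SU-2013:0187`) and their source tags are gone from the record. Tooling that correlates vendor advisories by `refsource`/`name` rather than by parsing URLs will stop matching these. If the upstream export cannot keep the typed sources, this deserves a line in the commit description so downstream parsers know to fall back to URL matching. The other file sections on this page show the same flattening.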


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4456",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services."
"value": "CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API"
}
]
},
@ -44,73 +21,133 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Critical Step in Authentication",
"cweId": "CWE-304"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack Essex for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2012.1.2-4.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120928 [OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/28/5"
},
{
"name": "50665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50665"
},
{
"name": "[openstack] 20120928 [OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456)",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg17034.html"
},
{
"name": "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431"
},
{
"name": "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1006822",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1006822"
},
{
"name": "55716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55716"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1006815",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1006815"
},
{
"name": "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb"
},
{
"name": "keystone-xauth-sec-bypass(78944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78944"
},
{
"name": "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=861179",
"url": "http://secunia.com/advisories/50665",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
"name": "http://secunia.com/advisories/50665"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/09/28/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/28/5"
},
{
"url": "http://www.securityfocus.com/bid/55716",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55716"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1378",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1378"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-4456",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4456"
},
{
"url": "https://bugs.launchpad.net/keystone/+bug/1006815",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/keystone/+bug/1006815"
},
{
"url": "https://bugs.launchpad.net/keystone/+bug/1006822",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/keystone/+bug/1006822"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78944",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78944"
},
{
"url": "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1",
"refsource": "MISC",
"name": "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1"
},
{
"url": "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb",
"refsource": "MISC",
"name": "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb"
},
{
"url": "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431",
"refsource": "MISC",
"name": "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431"
},
{
"url": "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb",
"refsource": "MISC",
"name": "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb"
},
{
"url": "https://lists.launchpad.net/openstack/msg17034.html",
"refsource": "MISC",
"name": "https://lists.launchpad.net/openstack/msg17034.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
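Review bot: The new `affects` block for CVE-2012-4456 lists only `"version_value": "0:2012.1.2-4.el6"` with `"version_affected": "!"`, which, if `!` is read as "not affected" as the CVE JSON 4.0 operator set suggests, names the fixed build and gives no vulnerable range. A consumer that reads `version_value` without honouring `version_affected` would flag the patched package as vulnerable, and one that does honour it gets no affected versions now that the "Essex before 2012.1.2 and Folsom before folsom-2" bounds are out of the description. I would state the `!` convention in the commit description, or add an explicit affected range next to the fixed version. The same shape is used in the other `affects` blocks on this page.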


@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4512",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to \"type confusion.\""
"value": "A heap-based buffer overflow flaw was found in the way the CSS parser of the Document Object Model's (DOM) implementation of KDE libraries performed processing of a location of a particular font face source. A remote attacker with privileges could provide a specially-crafted web page that, when opened in an application linked against KDE libraries, would lead to the application crashing or potential execution of arbitrary code."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Other"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
@ -31,15 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "KDE",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Konqueror",
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "4.7.3"
"version_value": "6:4.3.4-14.el6_3.2",
"version_affected": "!"
}
]
}
@ -53,59 +55,104 @@
"references": {
"reference_data": [
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html",
"refsource": "MISC",
"name": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc",
"url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc"
"name": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html"
},
{
"url": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html",
"refsource": "MISC",
"name": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html",
"url": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html"
"name": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html"
},
{
"url": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html"
"name": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/11/11",
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/11"
"name": "http://rhn.redhat.com/errata/RHSA-2012-1416.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/30/6",
"url": "http://www.openwall.com/lists/oss-security/2012/10/30/6"
"name": "http://rhn.redhat.com/errata/RHSA-2012-1418.html"
},
{
"url": "http://secunia.com/advisories/51097",
"refsource": "MISC",
"name": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352",
"url": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352"
"name": "http://secunia.com/advisories/51097"
},
{
"url": "http://secunia.com/advisories/51145",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1416.html",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html"
"name": "http://secunia.com/advisories/51145"
},
{
"url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1418.html",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html"
"name": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/11",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027709",
"url": "http://www.securitytracker.com/id?1027709"
"name": "http://www.openwall.com/lists/oss-security/2012/10/11/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/10/30/6",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51097",
"url": "http://secunia.com/advisories/51097"
"name": "http://www.openwall.com/lists/oss-security/2012/10/30/6"
},
{
"url": "http://www.securitytracker.com/id?1027709",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51145",
"url": "http://secunia.com/advisories/51145"
"name": "http://www.securitytracker.com/id?1027709"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1416",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1416"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1418",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1418"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-4512",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4512"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=865779",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=865779"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
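Review bot: The new description for CVE-2012-4512 says "A remote attacker with privileges", but the added `impact` block gives `"authentication": "NONE"` and `Au:N` in `vectorString`, so the record disagrees with itself on whether any privilege is needed. It also reclassifies the flaw as a heap-based buffer overflow (`CWE-122`) where the earlier text described type confusion with a possible memory read, while the `webkit-css-type-confusion` reference stays in place. One of the two should be corrected before consumers rely on it; if no privilege is required the sentence would start `A remote attacker could provide a specially-crafted web page that, ...`. The upstream scope (KDE Konqueror 4.7.3) is also no longer in `affects`, which now lists only the Red Hat package.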


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5222",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors."
"value": "An improper permission check issue was discovered in the server admission control component in OpenShift. A user with build permissions could use this flaw to execute arbitrary shell commands on a build pod with the privileges of the root user."
}
]
},
@ -44,18 +21,78 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 3.0",
"version": {
"version_data": [
{
"version_value": "0:3.0.1.0-1.git.527.f8d5fed.el7ose",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1650",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:1650"
"url": "https://access.redhat.com/errata/RHSA-2015:1650",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1650"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5222",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5222"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255120",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255120"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
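Review bot: The rewritten `reference_data` entries drop the advisory identifier and source tag: the old entry carried `"name": "RHSA-2015:1650"` with `"refsource": "REDHAT"`, while the new one sets `name` to the URL and `refsource` to `MISC`. Consumers that select vendor advisories or confirmations by `refsource`, or match on the advisory id, lose that signal. I would keep `"refsource": "REDHAT"` and `"name": "RHSA-2015:1650"` on the errata entry and add the two new URLs beside it. The same flattening (CONFIRM, MLIST, DEBIAN, UBUNTU, GENTOO, SECTRACK and BID all becoming MISC) appears in the sections for CVE-2015-5233, CVE-2015-5240, CVE-2015-5245, CVE-2015-5250, CVE-2015-5251 and CVE-2015-5260.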


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5233",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs."
"value": "A flaw was discovered where Satellite failed to properly enforce permissions on the show and delete actions for reports. An authenticated user with show or delete report permissions could use this flaw to view or delete any reports held in Foreman."
}
]
},
@ -44,28 +21,160 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.1",
"version": {
"version_data": [
{
"version_value": "0:1.7.2.49-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.5-3",
"version_affected": "!"
},
{
"version_value": "0:1.7.2.7-1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.6.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.2.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.22-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-7.el7",
"version_affected": "!"
},
{
"version_value": "0:0.4-11.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9-11.el6",
"version_affected": "!"
},
{
"version_value": "0:4.0.2.14-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.23-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.2.4-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:2.2.0.77-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.3.10-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.9.6-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-3.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://projects.theforeman.org/issues/11579",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/11579"
"url": "http://projects.theforeman.org/issues/11579",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/11579"
},
{
"name": "RHSA-2015:2622",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2622"
"url": "http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization",
"refsource": "MISC",
"name": "http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization"
},
{
"name": "http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization",
"refsource": "CONFIRM",
"url": "http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization"
"url": "https://access.redhat.com/errata/RHSA-2015:2622",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2622"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5233",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5233"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262443",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262443"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
}
]
}
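Review bot: The new record no longer states which versions are vulnerable: the description drops "Foreman before 1.8.4 and 1.9.x before 1.9.1", and `affects` holds 19 bare `version_value` strings under one product, each with `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected. Without package names the entries cannot be matched to an installed component, and a scanner reading only this record finds no affected range at all. I would keep the upstream range in the description, e.g. append `Foreman before 1.8.4 and 1.9.x before 1.9.1 are affected.`, and either name the package for each fixed build or leave the list out. The same applies to the sections for CVE-2015-5240, CVE-2015-5245 and CVE-2015-5251, whose old descriptions also carried an upstream version range.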


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5240",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied."
"value": "A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking (neutron). An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected."
}
]
},
@ -44,38 +21,131 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-4.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-4.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-19.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.1-7.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1909",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1909.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1909.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1909.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258458",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258458"
"url": "http://www.openwall.com/lists/oss-security/2015/09/08/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/09/08/9"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2015-018.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2015-018.html"
"url": "https://access.redhat.com/errata/RHSA-2015:1909",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1909"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1489111",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/neutron/+bug/1489111"
"url": "https://access.redhat.com/security/cve/CVE-2015-5240",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5240"
},
{
"name": "[oss-security] 20151008 [OSSA 2015-018] Neutron firewall rules bypass through port update (CVE-2015-5240)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/08/9"
"url": "https://bugs.launchpad.net/neutron/+bug/1489111",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/neutron/+bug/1489111"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258458",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258458"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2015-018.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2015-018.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5245",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name."
"value": "A feature in Ceph Object Gateway (RGW) allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service."
}
]
},
@ -44,28 +21,397 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.2.4-3.el7cp",
"version_affected": "!"
},
{
"version_value": "0:1.3-11.el7cp",
"version_affected": "!"
},
{
"version_value": "1:0.94.3-3.el7cp",
"version_affected": "!"
},
{
"version_value": "0:1.5.27.3-1.el7cp",
"version_affected": "!"
},
{
"version_value": "0:0.1.1-1.el7cp",
"version_affected": "!"
},
{
"version_value": "1:1.7.6-2.1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.7.2.33-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.7.5-2.el7cp",
"version_affected": "!"
},
{
"version_value": "0:1.7.2.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.7.2.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:20130517-7.1fm.gitc4bce43.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-1.el7cp",
"version_affected": "!"
},
{
"version_value": "0:3.6.2-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.3-1.el7cp",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-1.el7cp",
"version_affected": "!"
},
{
"version_value": "0:1.6.18-5.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.2.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-5.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-8.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-6.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.8.0-13.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.4.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.2.13-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.10.1-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.10.0-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.8-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.2.7-5.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.8.2-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.1-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.7-8.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.18-19.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.12.2-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.7-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.6.7-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.1-15.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:4.1.3-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.10.1-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.1.3-6.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.2.0-1.3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2-6.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.0-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.4.3-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.11-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-12.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.2-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.4.0-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.5-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.6.21-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.5.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.4.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.3-17.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.8.1-26.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.19-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-8.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.4.1-13.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.2.2-41.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.10.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.3.6-27.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-18.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.6.5-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.4.1-21.el7",
"version_affected": "!"
},
{
"version_value": "0:0.7.9-2.el7rhgs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://tracker.ceph.com/issues/12537",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/12537"
"url": "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html",
"refsource": "MISC",
"name": "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html"
},
{
"name": "RHSA-2015:2512",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2512"
"url": "http://tracker.ceph.com/issues/12537",
"refsource": "MISC",
"name": "http://tracker.ceph.com/issues/12537"
},
{
"name": "[Ceph-announce] 20151019 v0.94.4 Hammer released",
"refsource": "MLIST",
"url": "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2066",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2066"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2512",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2512"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5245",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5245"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261606",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1261606"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
]
}
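Review bot: The description and the impact block disagree on authentication: the new text says "An unauthenticated attacker could use this flaw", while the `cvss` entry has `"authentication": "SINGLE"` and `Au:S` in `vectorString`. One of the two is wrong, and a consumer triaging by vector would rank an unauthenticated header-injection issue as one that needs credentials. If the description is right, the entry should read `"authentication": "NONE"` with `AV:N/AC:L/Au:N/C:N/I:P/A:P` and a recomputed `baseScore`; otherwise the description should say "authenticated". The CVE-2015-5250 section shows a milder form of this: the old text said "remote attackers", the new one "a user with network access", and its vector also has `Au:S`.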


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5250",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data."
"value": "It was found that improper error handling in the API server could cause the master process to crash. A user with network access to the master could use this flaw to crash the master process."
}
]
},
@ -44,28 +21,83 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 3.0",
"version": {
"version_data": [
{
"version_value": "0:3.0.1.0-1.git.529.dcab62c.el7ose",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/openshift/origin/issues/4374",
"refsource": "CONFIRM",
"url": "https://github.com/openshift/origin/issues/4374"
"url": "https://access.redhat.com/errata/RHSA-2015:1736",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"name": "RHSA-2015:1736",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
"url": "https://access.redhat.com/security/cve/CVE-2015-5250",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5250"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
},
{
"url": "https://github.com/openshift/origin/issues/4374",
"refsource": "MISC",
"name": "https://github.com/openshift/origin/issues/4374"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5251",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*."
"value": "A flaw was discovered in the OpenStack Image service (glance) where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents (where they have owner access). Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents."
}
]
},
@ -44,28 +21,126 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-3.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-3.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.1-3.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://security.openstack.org/ossa/OSSA-2015-019.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2015-019.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
},
{
"name": "https://bugs.launchpad.net/bugs/1482371",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/bugs/1482371"
"url": "https://access.redhat.com/errata/RHSA-2015:1897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1897"
},
{
"name": "RHSA-2015:1897",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
"url": "https://access.redhat.com/security/cve/CVE-2015-5251",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5251"
},
{
"url": "https://bugs.launchpad.net/bugs/1482371",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/bugs/1482371"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2015-019.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2015-019.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5260",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter."
"value": "A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the \"surface_id\" parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process."
}
]
},
@ -44,63 +21,139 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.12.4-12.el6_7.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.12.4-9.el7_1.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1890",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
"url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html",
"refsource": "MISC",
"name": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
},
{
"name": "GLSA-201606-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-05"
"url": "http://www.securitytracker.com/id/1033753",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033753"
},
{
"name": "USN-2766-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2766-1"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[Spice-devel] 20151006 Announcing spice 0.12.6",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
},
{
"name": "RHSA-2015:1889",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
"url": "http://www.debian.org/security/2015/dsa-3371",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3371"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822"
"url": "http://www.securityfocus.com/bid/77019",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/77019"
},
{
"name": "DSA-3371",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3371"
"url": "http://www.ubuntu.com/usn/USN-2766-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2766-1"
},
{
"name": "1033753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033753"
"url": "https://access.redhat.com/errata/RHSA-2015:1889",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1889"
},
{
"name": "77019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77019"
"url": "https://access.redhat.com/errata/RHSA-2015:1890",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1890"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5260",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5260"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822"
},
{
"url": "https://security.gentoo.org/glsa/201606-05",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201606-05"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
]
}
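Review bot: The `problemtype` entry classifies a heap-based buffer overflow as `CWE-20` (Improper Input Validation), which hides the memory-corruption class from anyone filtering by CWE; `"value": "Heap-based Buffer Overflow", "cweId": "CWE-122"` matches the description. The impact block also sits oddly with the text: it describes a guest user possibly executing code as the host QEMU-KVM process, yet the vector is `AV:N/AC:M/Au:N/C:N/I:P/A:P` with `confidentialityImpact` set to `NONE`. That looks like an underestimate and is worth confirming with the assigner before the record is used for prioritisation.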


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5271",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors."
"value": "A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director). The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data."
}
]
},
@ -44,33 +21,140 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.1.1-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2.1.2-29.el7ost",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-6.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.1.dev6-3.git49b57eb.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.8.6-71.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.9.6-10.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-5.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.4.18-4.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.4.0-3.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.2.8-7.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.1.4-4.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.14-7.el7ost",
"version_affected": "!"
},
{
"version_value": "0:2.1.0-4.el7ost",
"version_affected": "!"
},
{
"version_value": "0:0.0.10-8.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1862",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:1862"
"url": "https://access.redhat.com/errata/RHSA-2015:1862",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1862"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1261697",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261697"
"url": "https://access.redhat.com/security/cve/CVE-2015-5271",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5271"
},
{
"name": "https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch"
"url": "https://bugs.launchpad.net/tripleo/+bug/1494896",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/tripleo/+bug/1494896"
},
{
"name": "https://bugs.launchpad.net/tripleo/+bug/1494896",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/tripleo/+bug/1494896"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261697",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1261697"
},
{
"url": "https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch",
"refsource": "MISC",
"name": "https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}
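Review bot: Every `reference_data` entry that appears to be on the new side carries `"refsource": "MISC"` and repeats the URL as its `name`, so the advisory identifier and source class the earlier entries held (`"name": "RHSA-2015:1862"`, `"refsource": "REDHAT"`) are gone from the record. Tooling that correlates CVEs with vendor advisories by `refsource` or by advisory ID now has to parse URLs instead. I would keep the typed form where it is known, e.g. `"refsource": "REDHAT", "name": "RHSA-2015:1862"` next to the `access.redhat.com/errata` URL. The same flattening is visible in the sections for CVE-2015-5273, CVE-2015-5274, CVE-2015-5277, CVE-2015-5279 and CVE-2015-5302. Old and new sides are inferred from field order here, since the page has lost its `+`/`-` column.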


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5273",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp."
"value": "It was found that the ABRT debug information installer (abrt-action-install-debuginfo-to-abrt-cache) did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user."
}
]
},
@ -44,48 +21,112 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.11-35.el7",
"version_affected": "!"
},
{
"version_value": "0:2.1.11-31.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20151201 CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/01/1"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
{
"name": "78113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78113"
"url": "http://www.openwall.com/lists/oss-security/2015/12/01/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/12/01/1"
},
{
"name": "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e",
"refsource": "CONFIRM",
"url": "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e"
"url": "http://www.securityfocus.com/bid/78113",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/78113"
},
{
"name": "FEDORA-2015-79c1758468",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2505",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2505"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262252",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262252"
"url": "https://access.redhat.com/security/cve/CVE-2015-5273",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5273"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262252",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262252"
},
{
"url": "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e",
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
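Review bot: The added `impact.cvss` block scores this with `"accessVector": "NETWORK"` (`AV:N/AC:M/Au:N/C:N/I:P/A:N`), while the description in the same record says "A local attacker" abusing a temporary directory. Under CVSS v2 a flaw that needs a local account would normally be `"accessVector": "LOCAL"`, which also changes `vectorString` and `baseScore`, so the three fields should be recomputed together rather than edited singly. As written, consumers that prioritise on the vector will treat a local symlink issue as remotely reachable.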


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5274",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker."
"value": "A command injection flaw was found in the OpenShift Origin Management Console. A remote, authenticated user permitted to send requests to the Broker could use this flaw to execute arbitrary commands with elevated privileges on the Red Hat OpenShift server."
}
]
},
@ -44,18 +21,83 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 2.2",
"version": {
"version_data": [
{
"version_value": "0:1.34.1.3-1.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1808",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1808.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1808.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1808.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1808",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1808"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5274",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5274"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262518",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262518"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
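Review bot: `problemtype` classifies this as `"Improper Input Validation"` / `CWE-20`, but the description in the same record calls it a command injection flaw that lets an authenticated user execute arbitrary commands. CWE-20 is a broad class. A more specific entry such as `"cweId": "CWE-77"` (or CWE-78 if the commands reach an OS shell, which the record does not say) would let weakness-based filters and metrics find it. The `value` string should change with the id so the pair stays consistent.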


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5277",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database."
"value": "It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system."
}
]
},
@ -44,78 +21,154 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.17-106.el7_2.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.17-79.ael7b_1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2985-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2985-2"
},
{
"name": "RHSA-2015:2172",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2172.html"
},
{
"name": "GLSA-201702-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-11"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "1034196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034196"
},
{
"name": "[libc-alpha] 20140909 The GNU C Library version 2.20 is now available",
"refsource": "MLIST",
"url": "https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html"
},
{
"name": "78092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78092"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17079",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17079"
},
{
"name": "USN-2985-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2985-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262914",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262914"
},
{
"refsource": "FULLDISC",
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"refsource": "BUGTRAQ",
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-2172.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2172.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Sep/7",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"url": "http://www.securityfocus.com/bid/78092",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/78092"
},
{
"url": "http://www.securitytracker.com/id/1034196",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034196"
},
{
"url": "http://www.ubuntu.com/usn/USN-2985-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2985-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2985-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2985-2"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2172",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2172"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2589",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2589"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5277",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5277"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262914",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262914"
},
{
"url": "https://seclists.org/bugtraq/2019/Sep/7",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"url": "https://security.gentoo.org/glsa/201702-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-11"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17079",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17079"
},
{
"url": "https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html",
"refsource": "MISC",
"name": "https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
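Review bot: The description that appears to be the new one no longer states the upstream fix boundary or the code location that the earlier text gave (the `get_contents` function in `nss_files/files-XXX.c`, glibc "before 2.20"), and the new `affects` block lists only Red Hat products. A reader on another distribution can no longer tell from this record which glibc releases are in scope. I would keep the upstream bound in the description, for example by appending `This affects GNU C Library (glibc) before 2.20.` to the new `value`. The sections for CVE-2015-5273 (ABRT before 2.7.1), CVE-2015-5279 (QEMU before 2.4.0.1) and CVE-2015-5302 (libreport 2.0.7 before 2.6.3) lose their bounds the same way.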


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5279",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets."
"value": "A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host."
}
]
},
@ -44,103 +21,225 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:83-274.el5_11",
"version_affected": "!"
},
{
"version_value": "0:3.0.3-147.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-3361",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3361"
},
{
"name": "FEDORA-2015-16369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"
},
{
"name": "FEDORA-2015-16370",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"
},
{
"name": "[oss-security] 20150915 CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/3"
},
{
"name": "[Qemu-devel] 20150915 [PULL 2/3] net: add checks to validate ring buffer pointers",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html"
},
{
"name": "RHSA-2015:1896",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1896.html"
},
{
"name": "SUSE-SU-2015:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2015-16368",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "RHSA-2015:1924",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1924.html"
},
{
"name": "76746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76746"
},
{
"name": "DSA-3362",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3362"
},
{
"name": "1033569",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033569"
},
{
"name": "RHSA-2015:1923",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1923.html"
},
{
"name": "RHSA-2015:1925",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1925.html"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"url": "https://security.gentoo.org/glsa/201602-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201602-01"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
},
{
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1896.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1896.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1923.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1923.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1924.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1924.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1925.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1925.html"
},
{
"url": "http://www.debian.org/security/2015/dsa-3361",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3361"
},
{
"url": "http://www.debian.org/security/2015/dsa-3362",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3362"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/09/15/3"
},
{
"url": "http://www.securityfocus.com/bid/76746",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76746"
},
{
"url": "http://www.securitytracker.com/id/1033569",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033569"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1896",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1896"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1923",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1923"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1924",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1924"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1925",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1925"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2065",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2065"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5279",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5279"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256672",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1256672"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
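Review bot: The git.qemu.org reference has its `;` separators percent-encoded on what appears to be the new side (`qemu.git%3Ba=commit%3Bh=`), where the earlier entry had `qemu.git;a=commit;h=`. Encoded that way the query no longer splits into `p`, `a` and `h`, so the link to the fix commit is unlikely to resolve. Both `url` and `name` should carry the literal form: `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755"`. A check in the sync job that reserved characters in a query string survive the round trip would catch this class of change.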


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5302",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report."
"value": "It was found that ABRT may have exposed non-public information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not intended to be made public, including host names, IP addresses, or command line options."
}
]
},
@ -44,48 +21,134 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insertion of Sensitive Information Into Sent Data",
"cweId": "CWE-201"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.0.9-25.el6_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.1.11-35.el7",
"version_affected": "!"
},
{
"version_value": "0:2.1.11-31.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "77685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77685"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
{
"name": "FEDORA-2015-6542ab6d3a",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2505",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2505"
},
{
"name": "RHSA-2015:2504",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2504.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2504.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2504.html"
},
{
"name": "https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360",
"refsource": "CONFIRM",
"url": "https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360"
"url": "http://www.securityfocus.com/bid/77685",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/77685"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1270903",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270903"
"url": "https://access.redhat.com/errata/RHSA-2015:2504",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2504"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5302",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5302"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270903",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1270903"
},
{
"url": "https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360",
"refsource": "MISC",
"name": "https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Bastien Nocera (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}
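Review bot: The `version_data` entries give bare build strings with no package name, and under "Red Hat Enterprise Linux 7" there are two of them (`0:2.1.11-35.el7` and `0:2.1.11-31.el7`) with nothing to say which package each belongs to. Each also carries `"version_affected": "!"`, which as I read the 4.0 schema marks a version as not affected, so the record names fixed builds but no affected range. A scanner cannot match either string against an installed package as written. I would add the package to each entry or to `product_name`; the name is not on this page, so as a placeholder: `"product_name": "Red Hat Enterprise Linux 7 (<package-name>)"`. The CVE-2015-5271 section (fourteen entries under one product), CVE-2015-5273 and CVE-2015-5279 have the same gap.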


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5306",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error."
"value": "It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell)."
}
]
},
@ -44,33 +21,104 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposed Dangerous Method or Function",
"cweId": "CWE-749"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.2.5-2.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.0-8.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:1929"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"
},
{
"name": "RHSA-2015:2685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"
"url": "https://access.redhat.com/errata/RHSA-2015:1929",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1929"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"
"url": "https://access.redhat.com/errata/RHSA-2015:2685",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2685"
},
{
"name": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"
"url": "https://access.redhat.com/security/cve/CVE-2015-5306",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5306"
},
{
"url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
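Review bot: Every entry in `reference_data` now carries `"refsource": "MISC"` with the URL repeated as `name`, so the advisory identifiers and the vendor-confirmation marker held by the old entries are no longer machine-readable. Tooling that keys on advisory IDs or on vendor-confirmed links to prioritise patching would presumably stop matching this record. I would keep the typed form for the errata links, e.g. `"name": "RHSA-2015:1929", "refsource": "REDHAT"`, and `"refsource": "CONFIRM"` for the Bugzilla and Launchpad entries. The same flattening appears in the CVE-2015-5307 and CVE-2015-7509 sections that follow.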


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5307",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c."
"value": "It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel."
}
]
},
@ -44,203 +21,359 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.12.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.65.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.69.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.68.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.40.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.3.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-229.24.2.ael7b",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2636",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "FEDORA-2015-f150b2a8c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "SUSE-SU-2015:2350",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
"url": "https://kb.juniper.net/JSA10783",
"refsource": "MISC",
"name": "https://kb.juniper.net/JSA10783"
},
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "DSA-3454",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3454"
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "[oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/10/6"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
},
{
"name": "RHSA-2015:2645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name": "USN-2802-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2802-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name": "openSUSE-SU-2015:2250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed"
},
{
"name": "USN-2806-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2806-1"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
},
{
"name": "SUSE-SU-2015:2194",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
},
{
"name": "openSUSE-SU-2015:2232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
},
{
"name": "USN-2805-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2805-1"
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-156.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-156.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
},
{
"name": "SUSE-SU-2016:0354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2645.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
},
{
"name": "FEDORA-2015-668d213dc3",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0046.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
},
{
"name": "USN-2807-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2807-1"
"url": "http://support.citrix.com/article/CTX202583",
"refsource": "MISC",
"name": "http://support.citrix.com/article/CTX202583"
},
{
"name": "SUSE-SU-2015:2339",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
"url": "http://www.debian.org/security/2015/dsa-3396",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3396"
},
{
"name": "SUSE-SU-2015:2108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
"url": "http://www.debian.org/security/2015/dsa-3414",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3414"
},
{
"name": "USN-2801-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2801-1"
"url": "http://www.debian.org/security/2016/dsa-3454",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3454"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://www.openwall.com/lists/oss-security/2015/11/10/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/11/10/6"
},
{
"name": "FEDORA-2015-394835a3f6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
"url": "http://www.securityfocus.com/bid/77528",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/77528"
},
{
"name": "DSA-3414",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3414"
"url": "http://www.securitytracker.com/id/1034105",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034105"
},
{
"name": "http://support.citrix.com/article/CTX202583",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX202583"
"url": "http://www.ubuntu.com/usn/USN-2800-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2800-1"
},
{
"name": "USN-2800-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2800-1"
"url": "http://www.ubuntu.com/usn/USN-2801-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2801-1"
},
{
"name": "1034105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034105"
"url": "http://www.ubuntu.com/usn/USN-2802-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2802-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
"url": "http://www.ubuntu.com/usn/USN-2803-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2803-1"
},
{
"name": "USN-2804-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2804-1"
"url": "http://www.ubuntu.com/usn/USN-2804-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2804-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
"url": "http://www.ubuntu.com/usn/USN-2805-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2805-1"
},
{
"name": "RHSA-2016:0046",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
"url": "http://www.ubuntu.com/usn/USN-2806-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2806-1"
},
{
"name": "DSA-3396",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3396"
"url": "http://www.ubuntu.com/usn/USN-2807-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2807-1"
},
{
"name": "77528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77528"
"url": "http://xenbits.xen.org/xsa/advisory-156.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-156.html"
},
{
"name": "USN-2803-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2803-1"
"url": "https://access.redhat.com/errata/RHSA-2015:2552",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2552"
},
{
"name": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
"url": "https://access.redhat.com/errata/RHSA-2015:2587",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2587"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2636",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2636"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2645",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2645"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0004",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0004"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0024",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0024"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0046"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5307",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5307"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
},
{
"url": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
}
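Review bot: The replacement description no longer names the affected upstream products or versions, which the removed text scoped to `the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x`. The new `affects` block lists only Red Hat packages, each with `"version_affected": "!"`. As far as I read the 4.0 format, `!` marks a version as not affected, so the record now states fixed builds but no affected range, and Xen appears only in a reference URL. Scanners that match on product and version would likely miss non-Red Hat KVM and Xen hosts. I would keep the upstream scope by carrying the removed sentence's product and version clause into the new description `value`.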


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7509",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015."
"value": "A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system."
}
]
},
@ -44,63 +21,123 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-642.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0855",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "SUSE-SU-2015:2350",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2015-7509",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2015-7509"
"url": "https://access.redhat.com/errata/RHSA-2016:0855",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0855"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259222",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259222"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name": "SUSE-SU-2015:2339",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name": "1034559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034559"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5"
},
{
"name": "https://github.com/torvalds/linux/commit/c9b92530a723ac5ef8e352885a1862b18f31b2f5",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c9b92530a723ac5ef8e352885a1862b18f31b2f5"
"url": "http://www.securitytracker.com/id/1034559",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034559"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
"url": "https://access.redhat.com/security/cve/CVE-2015-7509",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7509"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259222",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259222"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=956709",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=956709"
"url": "https://bugzilla.suse.com/show_bug.cgi?id=956709",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=956709"
},
{
"url": "https://github.com/torvalds/linux/commit/c9b92530a723ac5ef8e352885a1862b18f31b2f5",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/c9b92530a723ac5ef8e352885a1862b18f31b2f5"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2015-7509",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2015-7509"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
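Review bot: `"cweId": "CWE-250"` (Execution with Unnecessary Privileges) does not appear to match the flaw described in this section. The description is about the ext4 driver mishandling a non-journal file system that carries an orphan list, where privilege escalation is a possible consequence and not the weakness itself. A mismatched class skews any weakness-based triage or metrics built on this record. Unless the assigner has a rationale that is not on this page, I would leave `"value": "n/a"` in `problemtype` until a class describing the filesystem-metadata handling error is chosen. The new description also drops the `before 3.7` version bound that the removed text carried.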


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7872",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands."
"value": "It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system."
}
]
},
@ -44,243 +21,344 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Initialization of a Variable",
"cweId": "CWE-456"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.12.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.10.1.rt56.211.el7_2",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-327.10.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-327.rt56.171.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:2292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "RHSA-2015:2636",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2016:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0212.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html"
},
{
"name": "SUSE-SU-2016:0337",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
},
{
"name": "SUSE-SU-2015:2350",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1272172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272172"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name": "SUSE-SU-2016:0434",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
},
{
"name": "USN-2826-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2826-1"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0185.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0185.html"
},
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0212.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0212.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1272371",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272371"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0224.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0224.html"
},
{
"name": "USN-2840-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2840-1"
"url": "https://access.redhat.com/errata/RHSA-2016:0185",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0185"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676"
"url": "https://access.redhat.com/errata/RHSA-2016:0212",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0212"
},
{
"name": "HPSBGN03565",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145975164525836&w=2"
"url": "https://access.redhat.com/errata/RHSA-2016:0224",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0224"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
},
{
"name": "USN-2843-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2843-1"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
},
{
"name": "SUSE-SU-2015:2194",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
"url": "http://www.debian.org/security/2015/dsa-3396",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3396"
},
{
"name": "[oss-security] 20151020 Re: CVE request: crash when attempt to garbage collect an uninstantiated keyring - Linux kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/20/6"
"url": "https://access.redhat.com/errata/RHSA-2015:2636",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2636"
},
{
"name": "SUSE-SU-2016:0380",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c"
},
{
"name": "USN-2829-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2829-2"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61"
},
{
"name": "SUSE-SU-2016:0354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html"
},
{
"name": "USN-2843-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2843-2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html"
},
{
"name": "SUSE-SU-2016:0335",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html"
},
{
"name": "SUSE-SU-2015:2339",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html"
},
{
"name": "SUSE-SU-2015:2108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html"
},
{
"name": "RHSA-2016:0185",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0185.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html"
},
{
"name": "USN-2840-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2840-2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html"
},
{
"name": "https://github.com/torvalds/linux/commit/f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
},
{
"name": "SUSE-SU-2016:0383",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html"
"url": "http://marc.info/?l=bugtraq&m=145975164525836&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=145975164525836&w=2"
},
{
"name": "USN-2829-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2829-1"
"url": "http://www.openwall.com/lists/oss-security/2015/10/20/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/10/20/6"
},
{
"name": "USN-2823-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2823-1"
"url": "http://www.securityfocus.com/bid/77544",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/77544"
},
{
"name": "SUSE-SU-2016:0386",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html"
"url": "http://www.securitytracker.com/id/1034472",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034472"
},
{
"name": "RHSA-2016:0224",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0224.html"
"url": "http://www.ubuntu.com/usn/USN-2823-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2823-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
"url": "http://www.ubuntu.com/usn/USN-2824-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2824-1"
},
{
"name": "1034472",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034472"
"url": "http://www.ubuntu.com/usn/USN-2826-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2826-1"
},
{
"name": "SUSE-SU-2016:0384",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html"
"url": "http://www.ubuntu.com/usn/USN-2829-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2829-1"
},
{
"name": "USN-2843-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2843-3"
"url": "http://www.ubuntu.com/usn/USN-2829-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2829-2"
},
{
"name": "https://github.com/torvalds/linux/commit/ce1fad2740c648a4340f6f6c391a8a83769d2e8c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ce1fad2740c648a4340f6f6c391a8a83769d2e8c"
"url": "http://www.ubuntu.com/usn/USN-2840-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2840-1"
},
{
"name": "DSA-3396",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3396"
"url": "http://www.ubuntu.com/usn/USN-2840-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2840-2"
},
{
"name": "openSUSE-SU-2016:1008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
"url": "http://www.ubuntu.com/usn/USN-2843-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2843-1"
},
{
"name": "SUSE-SU-2016:0387",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html"
"url": "http://www.ubuntu.com/usn/USN-2843-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2843-2"
},
{
"name": "USN-2824-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2824-1"
"url": "http://www.ubuntu.com/usn/USN-2843-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2843-3"
},
{
"name": "77544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77544"
"url": "https://access.redhat.com/security/cve/CVE-2015-7872",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-7872"
},
{
"name": "SUSE-SU-2016:0381",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272172",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1272172"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272371",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1272371"
},
{
"url": "https://github.com/torvalds/linux/commit/ce1fad2740c648a4340f6f6c391a8a83769d2e8c",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ce1fad2740c648a4340f6f6c391a8a83769d2e8c"
},
{
"url": "https://github.com/torvalds/linux/commit/f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676"
},
{
"url": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2016-12-01.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
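Review bot: The replacement description in the first hunk of this CVE-2015-7872 section drops the function name (`key_gc_unused_keys` in security/keys/gc.c) and the upstream bound "through 4.2.6". The added `affects` block lists only Red Hat package builds, each with `"version_affected": "!"`, so the record no longer says which upstream kernels are affected; the old/new sides here are inferred from the hunk counts, since the rendered page has lost its `+`/`-` markers. Every reference on the new side is also typed `"refsource": "MISC"` with `name` set to the URL. That loses the advisory ids (for example `RHSA-2016:0185`, `USN-2826-1`, `DSA-3396`) and the `CONFIRM` tag on the upstream fix commits, so tooling that maps a CVE to a vendor advisory or patch through those fields will stop matching. I would keep the earlier description as a second `description_data` entry and keep `"refsource": "CONFIRM"` on the git.kernel.org and github.com/torvalds commit entries.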