"-Synchronized-Data."

CVE Team 2023-02-12 23:01:30 +00:00
parent 7d86bc9ef2
commit 9d9a192f2e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
74 changed files with 2383 additions and 8567 deletions


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0723",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,152 +27,176 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-0723",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-0723"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "USN-2967-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439"
},
{
"name": "USN-2930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html"
},
{
"name": "DSA-3503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3503"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
},
{
"name": "USN-2967-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439"
"url": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "MISC",
"name": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "USN-2930-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
"url": "http://www.debian.org/security/2016/dsa-3448",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3448"
},
{
"name": "SUSE-SU-2016:1102",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
"url": "http://www.debian.org/security/2016/dsa-3503",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3503"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
"url": "http://www.securityfocus.com/bid/82950",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/82950"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
"url": "http://www.securitytracker.com/id/1035695",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035695"
},
{
"name": "82950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82950"
"url": "http://www.ubuntu.com/usn/USN-2929-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "FEDORA-2016-5d43766e33",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
"url": "http://www.ubuntu.com/usn/USN-2929-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
"url": "http://www.ubuntu.com/usn/USN-2930-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
"url": "http://www.ubuntu.com/usn/USN-2930-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name": "1035695",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035695"
"url": "http://www.ubuntu.com/usn/USN-2930-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "USN-2948-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-1"
"url": "http://www.ubuntu.com/usn/USN-2932-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "DSA-3448",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3448"
"url": "http://www.ubuntu.com/usn/USN-2948-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"name": "openSUSE-SU-2016:1008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
"url": "http://www.ubuntu.com/usn/USN-2948-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2948-2"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
"url": "http://www.ubuntu.com/usn/USN-2967-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439"
"url": "http://www.ubuntu.com/usn/USN-2967-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name": "USN-2948-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-2"
"url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439"
},
{
"name": "FEDORA-2016-2f25d12c51",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html"
"url": "https://security-tracker.debian.org/tracker/CVE-2016-0723",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-0723"
},
{
"name": "SUSE-SU-2016:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
"url": "https://support.f5.com/csp/article/K43650115",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K43650115"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K43650115",
"url": "https://support.f5.com/csp/article/K43650115"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253"
}
]
}
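Review bot: The rewritten `reference_data` entries appear to collapse every `refsource` to `MISC` and replace each `name` with a copy of the `url`, so advisory identifiers such as `USN-2930-1`, `DSA-3503` and `SUSE-SU-2016:1764`, and the `CONFIRM` tag on the kernel commit and Red Hat Bugzilla links, no longer exist as structured fields. Tooling that uses `refsource` to pick out vendor-confirmed fixes or distro advisories for patch tracking would have to re-derive them from URL patterns after this sync. If the typed values can be carried through, keeping e.g. `"name": "USN-2930-1", "refsource": "UBUNTU"` next to the URL preserves that. The same flattening shows in the CVE-2016-0774, CVE-2016-0775, CVE-2016-0793 (which also loses its `EXPLOIT-DB` tag), CVE-2016-10163 and CVE-2016-10214 sections; old and new sides are inferred from the hunk line counts and field order, since the `+`/`-` column did not survive.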


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0774",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,127 +27,151 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2967-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
"url": "http://www.ubuntu.com/usn/USN-2968-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
"url": "http://www.ubuntu.com/usn/USN-2968-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "SUSE-SU-2016:1038",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1033",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html"
"url": "http://www.debian.org/security/2016/dsa-3503",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3503"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://www.ubuntu.com/usn/USN-2967-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name": "DSA-3503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3503"
"url": "http://www.ubuntu.com/usn/USN-2967-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name": "SUSE-SU-2016:1034",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html"
"url": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "MISC",
"name": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "USN-2967-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html"
},
{
"name": "RHSA-2016:0494",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0494.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html"
},
{
"name": "SUSE-SU-2016:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html"
},
{
"name": "SUSE-SU-2016:1031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html"
},
{
"name": "SUSE-SU-2016:1037",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html"
},
{
"name": "SUSE-SU-2016:1045",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html"
},
{
"name": "SUSE-SU-2016:1032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html"
},
{
"name": "SUSE-SU-2016:1039",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html"
},
{
"name": "RHSA-2016:0617",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0617.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-0774",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-0774"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html"
},
{
"name": "SUSE-SU-2016:1041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0494.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0494.html"
},
{
"name": "SUSE-SU-2016:1046",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0617.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0617.html"
},
{
"name": "84126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84126"
"url": "http://www.securityfocus.com/bid/84126",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/84126"
},
{
"name": "SUSE-SU-2016:1040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html"
"url": "https://security-tracker.debian.org/tracker/CVE-2016-0774",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-0774"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961"
}
]
}
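Review bot: The relocated `affects` block now carries `"version_affected": "="` together with `"version_value": "n/a"`, which literally states that the affected version equals the string n/a. A consumer that does version matching on these two fields could read that as a concrete version and conclude that nothing installed is affected. Either omit `version_affected` when the value is the `n/a` placeholder, or have consumers treat `n/a` as unknown. The same pair is added in each full-record section on this page, including CVE-2016-0723 above.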


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0775",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201612-52",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-52"
"url": "http://www.debian.org/security/2016/dsa-3499",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3499"
},
{
"name": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b",
"refsource": "CONFIRM",
"url": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b"
"url": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst",
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst"
},
{
"name": "DSA-3499",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3499"
"url": "https://security.gentoo.org/glsa/201612-52",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201612-52"
},
{
"name": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst",
"refsource": "CONFIRM",
"url": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst"
"url": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b",
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0793",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us"
},
{
"name": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html"
"name": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html"
},
{
"name": "39573",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39573/"
"url": "https://security.netapp.com/advisory/ntap-20180215-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20180215-0001/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937"
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us",
"refsource": "MISC",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180215-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180215-0001/"
"url": "https://www.exploit-db.com/exploits/39573/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39573/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
"value": "The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "n/a"
}
]
}
@ -32,28 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "1:5.0.6.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.12.1-1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -101,21 +88,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2899-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2579",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2579"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-0794",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0794"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/",
"refsource": "MISC",
@ -137,30 +109,5 @@
"name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1222"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}
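Review bot: By the hunk counts (`-21,8 +21,7`, `-32,28 +31,16`, `-137,30 +109,5`) this section removes the `"cweId": "CWE-119"` classification, the Red Hat Enterprise Linux 7 version entries, three Red Hat references and the whole `impact.cvss` block with `"baseScore": 6.8`. After the sync the record has no severity score, weakness type or affected-product data, so anything that prioritises from this file falls back to `n/a`. Worth confirming the removal is intended rather than a side effect of the source switch; if not, retain at least `"cweId": "CWE-119"` and `"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P"`. The CVE-2016-0795 section repeats the same removals, and the last section on the page, which continues past the visible lines, drops `CWE-125` the same way.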


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
"value": "LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "n/a"
}
]
}
@ -32,28 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.5.1-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "1:5.0.6.2-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.12.1-1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -101,21 +88,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2899-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2579",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2579"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-0795",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-0795"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/",
"refsource": "MISC",
@ -127,30 +99,5 @@
"name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1223"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-10163",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-06"
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/24/2"
},
{
"name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/01/25/4"
},
{
"name": "[oss-security] 20170124 CVE request Virglrenderer: host memory leakage when creating decode context",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/2"
"url": "http://www.securityfocus.com/bid/95784",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95784"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7"
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7",
"refsource": "MISC",
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7"
},
{
"name": "[oss-security] 20170125 Re: CVE request Virglrenderer: host memory leakage when creating decode context",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/4"
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html",
"refsource": "MISC",
"name": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name": "95784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95784"
"url": "https://security.gentoo.org/glsa/201707-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201707-06"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-10214",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-06"
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html",
"refsource": "MISC",
"name": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
"url": "https://security.gentoo.org/glsa/201707-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201707-06"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837"
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/09/5"
},
{
"name": "96181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96181"
"url": "http://www.securityfocus.com/bid/96181",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96181"
},
{
"name": "[oss-security] 20170208 Re: CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/5"
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837",
"refsource": "MISC",
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
"value": "The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
"value": "n/a"
}
]
}
@ -32,104 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-105.el7_2.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.3.0-31.el7_2.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.3.0-31.el7_2.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.3.0-31.el7_2.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.6 For IBM Power Systems",
"version": {
"version_data": [
{
"version_value": "10:2.3.0-31.el7_2.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.479.el6_7.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.3.0-31.el7_2.7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -187,26 +98,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0088.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0084",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0084"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0086",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0086"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0087",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0087"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0088",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0088"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0081.html",
"refsource": "MISC",
@ -252,66 +143,11 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034858"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0081",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0081"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0082",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0082"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0083",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0083"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0085",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0085"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-1714",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-1714"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296060",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296060"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}
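Review bot: Structured triage data is lost from this record. Going by the hunk counts (`-21,8 +21,7`, `-32,104 +31,16`, `-252,66 +143,11`), the weakness entry with `"cweId": "CWE-125"` becomes `"value": "n/a"`, the Red Hat product list with fixed-package versions becomes `"vendor_name": "n/a"` / `"product_name": "n/a"`, and the whole `impact.cvss` object is dropped. Tooling that matches or prioritises this QEMU issue by CWE, CVSS vector or affected product will silently stop seeing it. I would keep `"value": "Out-of-bounds Read", "cweId": "CWE-125"` and the `impact` object unless the removal is intentional and stated in the commit message. The same loss shows in the sections below for the Kubernetes API server record, the two Red Hat Satellite XSS records (the second also loses `credits`) and the s390 fork record.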

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space."
"value": "The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
"value": "n/a"
}
]
}
@ -32,327 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 3.0",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.0.2.0-0.git.45.423f434.el7ose",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.1.6-1.git.0.b57e8bd.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.18.2-3.gitaf4752e.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.625.3-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.1.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.2.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.8.2-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.4.1-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.4.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.3.2-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.1.1-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.4.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.2.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.3.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.1.4-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.8.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.3.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.2.3-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:5.2.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:4.1.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-6.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.1.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.0.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.2.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.0.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.1.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.1.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.9.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.0.4-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.0.9-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.6.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.1.0-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.3.5-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.5.0-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.8.1-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:4.0.1-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.4.0-5.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.2.0-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.0.11-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.2.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.1.5-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.0.1-3.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.4.2-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:3.0.3-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:5.1.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.1.5-3.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.2.1-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.3.4-4.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.0.0-3.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:0.6.0-1.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-2.el7aos",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-1.el7",
"version_affected": "!"
},
{
"version_value": "0:3.0.35-1.git.0.6a386dd.el7aos",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.5.0-1.el7aos",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -370,51 +58,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0351",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0351"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-1905",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-1905"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297910",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1297910"
},
{
"url": "https://github.com/kubernetes/kubernetes/issues/19479",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/issues/19479"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}
}

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2094",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0599",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
},
{
"name": "RHSA-2016:0596",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
},
{
"name": "RHSA-2016:0595",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
},
{
"name": "RHSA-2016:0598",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
},
{
"name": "RHSA-2016:0597",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
}
]
}
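Review bot: The reference typing is flattened in `reference_data`. Entries labelled `"refsource": "REDHAT"` with `"name": "RHSA-2016:0599"`, or `"refsource": "CONFIRM"`, appear to come back as `"refsource": "MISC"` with the URL repeated in `name`; the old and new sides are inferred from the url-first key order seen in other sections' context lines. That removes the only machine-readable hint of which link is the vendor advisory or confirmation, which advisory-matching and patch-tracking tooling commonly filters on. I would keep the typed form, e.g. `"refsource": "REDHAT", "name": "RHSA-2016:0599"`. The CVE-2016-2123, CVE-2016-2145 and CVE-2016-2173 sections below show the same rewrite.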

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.3.8-134.el6sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -59,46 +58,11 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0590.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0590",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0590"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2103",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2103"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305681",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305681"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
}

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.3.8-134.el6sat",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -60,55 +59,14 @@
"name": "http://rhn.redhat.com/errata/RHSA-2016-0590.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0590"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2104",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2104"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Adam Willard (Raytheon Foreground Security) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2123",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "versions 4.0.0 to 4.5.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,55 +15,82 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "7.9/AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
"value": "CWE-122",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 4.0.0 to 4.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.samba.org/samba/security/CVE-2016-2123.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2016-2123.html"
"url": "http://www.securityfocus.com/bid/94970",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94970"
},
{
"name": "94970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94970"
"url": "http://www.securitytracker.com/id/1037493",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037493"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123"
},
{
"name": "1037493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037493"
"url": "https://www.samba.org/samba/security/CVE-2016-2123.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2016-2123.html"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
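Review bot: `"version_affected": "="` is added next to the free-text range `"version_value": "versions 4.0.0 to 4.5.2"` in the relocated `affects` block. A consumer that honours the operator would compare installed samba versions for equality with that sentence and never match. Either leave the operator off for free-text values, as the earlier form of this block did, or express the range as explicit bounds in whatever form the schema in use supports. The same `=` is attached to `"version_value": "n/a"` in the other sections of this commit. Separately, `"value": "CWE-122"` now duplicates `cweId`; the weakness name would be more useful in `value`.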

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process."
"value": "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-642.11.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.28.2.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -105,11 +93,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1539",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1539"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1",
"refsource": "MISC",
@ -125,21 +108,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2766",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2766"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2143",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2143"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308908",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308908"
},
{
"url": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1",
"refsource": "MISC",
@ -151,44 +119,5 @@
"name": "https://security-tracker.debian.org/tracker/CVE-2016-2143"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2145",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1",
"refsource": "MLIST",
"url": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"
},
{
"name": "https://github.com/UNINETT/mod_auth_mellon/pull/71",
"refsource": "CONFIRM",
"url": "https://github.com/UNINETT/mod_auth_mellon/pull/71"
"url": "https://github.com/UNINETT/mod_auth_mellon/pull/71",
"refsource": "MISC",
"name": "https://github.com/UNINETT/mod_auth_mellon/pull/71"
},
{
"name": "FEDORA-2016-5cf6959198",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"
"url": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html",
"refsource": "MISC",
"name": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"
}
]
}

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2173",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-6cf17ad0df",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html"
},
{
"name": "FEDORA-2016-005ac9cfd5",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html"
},
{
"name": "https://pivotal.io/security/cve-2016-2173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-2173"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205"
"url": "https://pivotal.io/security/cve-2016-2173",
"refsource": "MISC",
"name": "https://pivotal.io/security/cve-2016-2173"
},
{
"name": "FEDORA-2016-f099190fee",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205"
}
]
}

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite."
"value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
"value": "n/a"
}
]
}
@ -32,280 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "JBoss Core Services on RHEL 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.4.23-122.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-14.jbcs.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "JBoss Core Services on RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.4.23-122.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-14.jbcs.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5 Supplementary",
"version": {
"version_data": [
{
"version_value": "1:1.7.0.10.1-1jpp.1.el5_11",
"version_affected": "!"
},
{
"version_value": "1:1.6.0.16.41-1jpp.1.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6 Supplementary",
"version": {
"version_data": [
{
"version_value": "1:1.7.1.4.1-1jpp.1.el6_8",
"version_affected": "!"
},
{
"version_value": "1:1.6.0.16.41-1jpp.1.el6_8",
"version_affected": "!"
},
{
"version_value": "1:1.8.0.4.1-1jpp.1.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.7.5-69.el7_5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7 Supplementary",
"version": {
"version_data": [
{
"version_value": "1:1.7.1.4.1-1jpp.2.el7",
"version_affected": "!"
},
{
"version_value": "1:1.8.0.4.1-1jpp.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.2.26-57.ep6.el6",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-14.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.13-9.Final_redhat_2.ep6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.2.26-58.ep6.el7",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-14.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.13-9.Final_redhat_2.ep6.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.2.26-57.ep6.el6",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-14.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.13-9.Final_redhat_2.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:6.0.41-19_patch_04.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.0.54-28_patch_05.ep6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.2.26-58.ep6.el7",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-14.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.13-9.Final_redhat_2.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:6.0.41-19_patch_04.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.0.54-28_patch_05.ep6.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
"version_data": [
{
"version_value": "v3.11.141-2",
"version_affected": "!"
},
{
"version_value": "v3.11.141-3",
"version_affected": "!"
},
{
"version_value": "v3.11.141-1",
"version_affected": "!"
},
{
"version_value": "v3.11.170-5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.1",
"version": {
"version_data": [
{
"version_value": "v4.1.18-201909201915",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.5",
"version": {
"version_data": [
{
"version_value": "v4.5.0-202009201759.p0",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.6",
"version": {
"version_data": [
{
"version_value": "v4.6.0-202101300140.p0",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.8",
"version": {
"version_data": [
{
"version_value": "v4.8.0-202107161820.p0.git.051ac4f.assembly.stream",
"version_affected": "!"
},
{
"version_value": "v4.8.0-202107011817.p0.git.29813c8.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.6",
"version": {
"version_data": [
{
"version_value": "1:1.7.1.4.1-1jpp.1.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 5.7",
"version": {
"version_data": [
{
"version_value": "1:1.7.1.4.1-1jpp.1.el6_8",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -718,36 +453,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/articles/2548661"
},
{
"url": "https://access.redhat.com/errata/RHBA-2019:2581",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:2581"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1940",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0336",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0336"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0337",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0337"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0338",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0338"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0462",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0462"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1216",
"refsource": "MISC",
@ -808,26 +513,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0451"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:3842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3842"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:0308",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0308"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:2438",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:2438"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-2183",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"url": "https://access.redhat.com/security/cve/cve-2016-2183",
"refsource": "MISC",
@ -838,11 +523,6 @@
"refsource": "MISC",
"name": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448",
"refsource": "MISC",
@ -1042,57 +722,11 @@
"url": "https://www.tenable.com/security/tns-2017-09",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2017-09"
}
]
},
"work_around": [
{
"lang": "en",
"value": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Ga\u00ebtan Leurent (Inria) and Karthikeyan Bhargavan (Inria) as the original reporters."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
}
]
}
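Review bot: The last hunk (`-1042,57 +722,11`) appears to drop the `work_around`, `credits` and `impact.cvss` blocks. The earlier hunks appear to replace `"cweId": "CWE-327"` and the Red Hat product/version list with `n/a` placeholders. The +/- column is lost on this page, so this is inferred from the hunk sizes. Consumers that triage on the CVSS vector or the CWE id lose that data, and the mitigation guidance (prefer AES over DES/3DES ciphersuites) is no longer in the record. I'd keep `"cweId": "CWE-327"` and the `impact` and `work_around` blocks unless the sync is meant to discard that enrichment, and I'd reconsider `"version_affected": "="` with `"version_value": "n/a"`, which asserts an exact match on a placeholder.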


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2184",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,142 +27,166 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Mar/89"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "84340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84340"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012"
"url": "http://www.debian.org/security/2016/dsa-3607",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2969-1"
"url": "http://www.ubuntu.com/usn/USN-2968-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
"url": "http://www.ubuntu.com/usn/USN-2968-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be"
"url": "http://www.ubuntu.com/usn/USN-2969-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
"url": "http://www.ubuntu.com/usn/USN-2970-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
"url": "http://www.ubuntu.com/usn/USN-2971-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
"url": "http://www.ubuntu.com/usn/USN-2971-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
"url": "http://www.ubuntu.com/usn/USN-2971-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
"url": "http://www.ubuntu.com/usn/USN-2996-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
"url": "http://www.ubuntu.com/usn/USN-2997-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "SUSE-SU-2016:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
"url": "http://seclists.org/bugtraq/2016/Mar/102",
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2016/Mar/102"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
"url": "http://seclists.org/bugtraq/2016/Mar/88",
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2016/Mar/88"
},
{
"name": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be"
"url": "http://seclists.org/bugtraq/2016/Mar/89",
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2016/Mar/89"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
"url": "http://www.securityfocus.com/bid/84340",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/84340"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
"url": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be"
},
{
"name": "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Mar/88"
"url": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Mar/102"
"url": "https://www.exploit-db.com/exploits/39555/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39555/"
},
{
"name": "openSUSE-SU-2016:1008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "39555",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39555/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012"
}
]
}
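Review bot: Every reference in this section ends up with `"refsource": "MISC"` and a `name` that only repeats the `url`, so the advisory ids and source tags on the old side (`USN-2971-2`/`UBUNTU`, `DSA-3607`/`DEBIAN`, `39555`/`EXPLOIT-DB`) are gone from the record. The +/- column is lost on this page, so the old/new reading is inferred from the url-first key order of the replacement entries. Tooling that uses `refsource` to flag a public-exploit reference, or to map a distro advisory to the CVE, would have to parse URLs instead. I'd keep the original tag and id where one exists, e.g. `"refsource": "EXPLOIT-DB", "name": "39555"` on the exploit-db entry. The same flattening appears in the CVE-2016-2185, CVE-2016-3093 and CVE-2016-3094 sections below.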


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2185",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,137 +27,161 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "84341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84341"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
"url": "http://seclists.org/bugtraq/2016/Mar/116",
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2016/Mar/116"
},
{
"name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Mar/90"
"url": "http://seclists.org/bugtraq/2016/Mar/90",
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2016/Mar/90"
},
{
"name": "USN-2969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2969-1"
"url": "http://www.debian.org/security/2016/dsa-3607",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
"url": "http://www.securityfocus.com/bid/84341",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/84341"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
"url": "http://www.ubuntu.com/usn/USN-2968-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
"url": "http://www.ubuntu.com/usn/USN-2968-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
"url": "http://www.ubuntu.com/usn/USN-2969-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
"url": "http://www.ubuntu.com/usn/USN-2970-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
"url": "http://www.ubuntu.com/usn/USN-2971-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
"url": "http://www.ubuntu.com/usn/USN-2971-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
"url": "http://www.ubuntu.com/usn/USN-2971-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
"url": "http://www.ubuntu.com/usn/USN-2996-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
"url": "http://www.ubuntu.com/usn/USN-2997-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
},
{
"name": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
"url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Mar/116"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3093",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://struts.apache.org/docs/s2-034.html",
"refsource": "CONFIRM",
"url": "http://struts.apache.org/docs/s2-034.html"
"url": "http://struts.apache.org/docs/s2-034.html",
"refsource": "MISC",
"name": "http://struts.apache.org/docs/s2-034.html"
},
{
"name": "90961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90961"
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854",
"refsource": "MISC",
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854"
},
{
"name": "1036018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036018"
"url": "http://www.securityfocus.com/bid/90961",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/90961"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854"
"url": "http://www.securitytracker.com/id/1036018",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036018"
},
{
"refsource": "MLIST",
"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3094",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/QPID-7271",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/QPID-7271"
},
{
"name": "https://svn.apache.org/viewvc?view=revision&revision=1744403",
"refsource": "CONFIRM",
"url": "https://svn.apache.org/viewvc?view=revision&revision=1744403"
},
{
"name": "1035982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035982"
},
{
"name": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html",
"url": "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html"
"name": "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E"
},
{
"name": "http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html",
"refsource": "CONFIRM",
"url": "http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html"
"url": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html"
},
{
"name": "20160527 [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538507/100/0/threaded"
"url": "http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html",
"refsource": "MISC",
"name": "http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html"
},
{
"name": "[qpid-users] 20160527 [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E"
"url": "http://www.securityfocus.com/archive/1/538507/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/538507/100/0/threaded"
},
{
"url": "http://www.securitytracker.com/id/1035982",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1035982"
},
{
"url": "https://issues.apache.org/jira/browse/QPID-7271",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/QPID-7271"
},
{
"url": "https://svn.apache.org/viewvc?view=revision&revision=1744403",
"refsource": "MISC",
"name": "https://svn.apache.org/viewvc?view=revision&revision=1744403"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3095",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca",
"refsource": "CONFIRM",
"url": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca"
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/04/18/11"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html"
},
{
"name": "[oss-security] 20160406 Pulp 2.8.2 release for CVE-2016-3095",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/06/3"
"url": "http://www.openwall.com/lists/oss-security/2016/04/06/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/04/06/3"
},
{
"name": "FEDORA-2016-f75bd73891",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html"
"url": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca",
"refsource": "MISC",
"name": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca"
},
{
"name": "[oss-security] 20160418 CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/11"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706"
}
]
}
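Review bot: Every entry in `reference_data` now carries `"refsource": "MISC"` and a `name` that only repeats the URL, so the record no longer separates vendor confirmation (`CONFIRM`) from list posts (`MLIST`) or distro advisories, and the advisory id `FEDORA-2016-f75bd73891` is gone. Consumers that rank references by `refsource` or match advisories by `name` would silently lose those matches. I would keep the classification where it was known, for example `"refsource": "FEDORA"` with `"name": "FEDORA-2016-f75bd73891"` on the package-announce entry. The `+`/`-` column is missing on this page, so I am reading the second copy of each entry as the new side; the same flattening appears in the CVE-2016-6830, CVE-2016-6831, CVE-2016-6836, CVE-2016-8608, CVE-2016-8610, CVE-2016-8611 and CVE-2016-8632 sections.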


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6830",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "92550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92550"
"url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html"
},
{
"name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html"
"url": "http://www.securityfocus.com/bid/92550",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92550"
}
]
}
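Review bot: The re-added `affects` block pairs `"version_affected": "="` with `"version_value": "n/a"`, which states an exact match against a placeholder instead of saying that the affected versions are unknown. A matcher that evaluates the operator literally would not flag any real installation from this record. The earlier form carried `"version_value": "n/a"` alone, and I would leave the operator off whenever the value is a placeholder. The same pairing is in the CVE-2016-3095, CVE-2016-6831, CVE-2016-6836 and CVE-2016-8632 sections.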


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6831",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "92550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92550"
"url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html"
},
{
"name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html"
"url": "http://www.securityfocus.com/bid/92550",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92550"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6836",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "92444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92444"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"
"url": "https://security.gentoo.org/glsa/201609-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[oss-security] 20160812 CVE Request Qemu: Information leak in vmxnet3_complete_packet",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/5"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"
},
{
"name": "[oss-security] 20160817 Re: CVE Request Qemu: Information leak in vmxnet3_complete_packet",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/5"
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/11/5"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/08/18/5"
},
{
"name": "[qemu-devel] 20160811 [PATCH] net: vmxnet: initialise local tx descriptor",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html"
"url": "http://www.securityfocus.com/bid/92444",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92444"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html"
}
]
}
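Review bot: The gitweb reference is rewritten so that the `;` characters separating its query parameters become `%3B` (`?p=qemu.git%3Ba=commit%3Bh=...`), in both `url` and `name`. Once encoded, the server may read the whole string as a single `p` value, so the link to the fix commit may stop resolving; this should be checked before the record is published. I would keep the literal form, `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"`. The git.openssl.org reference in the CVE-2016-8610 section is encoded the same way.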


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8608",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BRMS",
"version": {
"version_data": [
{
"version_value": "6"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,55 +15,82 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "BRMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2822",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2822.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2822.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2822.html"
},
{
"name": "94568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94568"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2823.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2823.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608"
"url": "http://www.securityfocus.com/bid/94568",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94568"
},
{
"name": "RHSA-2016:2823",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2823.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
}
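Review bot: The rebuilt `impact.cvss` array holds only the 3.0 object, and the CVSS v2 vector from the earlier record (`5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N`) is dropped rather than converted. Consumers that still triage on v2 scores lose the rating for this CVE. I would add a second object next to the 3.0 one with `"version": "2.0"`, `"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N"` and `"baseScore": 5.5`. The CVE-2016-8611 section loses its v2 vector in the same way.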


@ -1,45 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2016-10-24T00:00:00",
"ID": "CVE-2016-8610",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "All 0.9.8"
},
{
"version_value": "All 1.0.1"
},
{
"version_value": "1.0.2 through 1.0.2h"
},
{
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -54,94 +21,51 @@
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenSSL",
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All 0.9.8"
},
{
"version_affected": "=",
"version_value": "All 1.0.1"
},
{
"version_affected": "=",
"version_value": "1.0.2 through 1.0.2h"
},
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "93841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93841"
},
{
"name": "RHSA-2017:1659",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "RHSA-2017:1658",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "RHSA-2017:1801",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name": "RHSA-2017:0286",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:2494",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name": "FreeBSD-SA-16:35",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"name": "RHSA-2017:0574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name": "DSA-3773",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "1037084",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037084"
},
{
"name": "RHSA-2017:1802",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name": "RHSA-2017:2493",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
@ -168,39 +92,119 @@
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171130-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"name": "https://security.360.cn/cve/CVE-2016-8610/",
"url": "https://security.360.cn/cve/CVE-2016-8610/",
"refsource": "MISC",
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2016-8610",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
"name": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"url": "http://seclists.org/oss-sec/2016/q4/224",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"url": "http://www.securityfocus.com/bid/93841",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93841"
},
{
"url": "http://www.securitytracker.com/id/1037084",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037084"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1413",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1414",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1658",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1801",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1802",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2493",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2494",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc",
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2016-8610",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us",
"refsource": "MISC",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us"
},
{
"url": "https://www.debian.org/security/2017/dsa-3773",
"refsource": "MISC",
"name": "https://www.debian.org/security/2017/dsa-3773"
}
]
}
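Review bot: In the re-added `affects` block, `"version_affected": "="` is attached to free-text ranges such as `"version_value": "1.0.2 through 1.0.2h"` and `"version_value": "All 0.9.8"`, so the operator claims equality with a string that no installed OpenSSL build reports. Tooling that evaluates the operator would miss the affected releases inside those ranges. I would drop `version_affected` for these free-text values, as the earlier record did, or replace each range with explicit machine-readable bounds. Sides are inferred from the hunk counts because the `+`/`-` column is missing on this page.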


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8611",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openstack-glance",
"version": {
"version_data": [
{
"version_value": "v1 and v2"
}
]
}
}
]
},
"vendor_name": "The Openstack Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,60 +15,87 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Openstack Foundation",
"product": {
"product_data": [
{
"product_name": "openstack-glance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1 and v2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611"
"url": "http://seclists.org/oss-sec/2016/q4/266",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2016/q4/266"
},
{
"name": "1037312",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037312"
"url": "http://www.securityfocus.com/bid/94378",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94378"
},
{
"name": "94378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94378"
"url": "http://www.securitytracker.com/id/1037312",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037312"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611"
},
{
"name": "[oss-security] 20161027 [OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2016/q4/266"
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process."
"value": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
@ -32,91 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "JBoss Core Services on RHEL 6",
"product_name": "mod_cluster",
"version": {
"version_data": [
{
"version_value": "0:2.4.23-102.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:5.4-35.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:0.9.6-14.GA.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.5-13.Final_redhat_1.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.41-14.redhat_1.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-16.GA.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:2.9.1-18.GA.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "0:1.12.0-9.jbcs.el6",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-12.jbcs.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "JBoss Core Services on RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.4.23-102.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:5.4-35.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:0.9.6-14.GA.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.5-13.Final_redhat_1.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.41-14.redhat_1.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:2.4.1-16.GA.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:2.9.1-18.GA.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "0:1.12.0-9.jbcs.el7",
"version_affected": "!"
},
{
"version_value": "1:1.0.2h-12.jbcs.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "httpd 2.4.23"
}
]
}
@ -134,11 +59,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2957",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2957"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0193",
"refsource": "MISC",
@ -155,58 +75,14 @@
"name": "http://www.securityfocus.com/bid/94939"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8612",
"url": "https://security.netapp.com/advisory/ntap-20180601-0005/",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8612"
"name": "https://security.netapp.com/advisory/ntap-20180601-0005/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180601-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20180601-0005/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
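Review bot: The new description says mod_cluster is vulnerable "before version httpd 2.4.23", but the replacement version entry is `"version_affected": "="` with `"version_value": "httpd 2.4.23"`, which marks the fixed release as the only affected one. Anyone matching on the structured field would get the opposite answer from the prose. I would write `"version_affected": "<"` with the same `version_value`. The last hunk also removes the whole `impact` block (both the 2.0 and 3.0 CVSS objects) with no replacement, which looks unintended. Sides are inferred from the hunk counts (`-32,91 +32,16`), since the `+`/`-` column is missing.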


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS."
"value": "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "n/a"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.10.2.rt56.435.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.10.2.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -89,68 +84,14 @@
"name": "http://www.securityfocus.com/bid/94459"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0386",
"url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0386"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:0387",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0387"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8630",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8630"
"name": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350"
},
{
"url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}
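Review bot: The `problemtype` entry goes from `"value": "NULL Pointer Dereference"` with `"cweId": "CWE-476"` to `"value": "n/a"`, so the weakness classification is lost. Other records in this commit keep it in the form `"value": "CWE-20"` with `"cweId": "CWE-20"`. I would write `"value": "CWE-476"` and keep `"cweId": "CWE-476"`. The same section also replaces the vendor and product with `n/a` and removes the `impact` block, so the structured record ends up with less triage data than before; sides are inferred from the hunk counts because the `+`/`-` column is missing.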


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
@ -36,12 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.3",
"product_name": "Openshift Enterprise",
"version": {
"version_data": [
{
"version_value": "0:3.3.1.4-1.git.0.7c8657c.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "3"
}
]
}
@ -64,16 +64,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2696"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8631",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8631"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390735",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390735"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631",
"refsource": "MISC",
@ -81,35 +71,8 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jordan Liggitt (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
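Review bot: The version entry that named the fixed build (`"version_value": "0:3.3.1.4-1.git.0.7c8657c.el7"` with `"version_affected": "!"`) is replaced by `"version_affected": "="` and `"version_value": "3"`, so the record no longer says which build carries the fix. Patch-verification tooling can then only conclude that all of major version 3 is affected. I would keep the `!` entry alongside the new one. The last hunk also removes the `credits` array and the CVSS 2.0 object, and the enclosing `impact` object continues outside the hunk. The CVE-2016-8612 and CVE-2016-8630 sections drop their `!` entries as well.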


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8632",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/08/5"
"url": "http://www.openwall.com/lists/oss-security/2016/11/08/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/11/08/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832"
"url": "http://www.securityfocus.com/bid/94211",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94211"
},
{
"name": "94211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94211"
"url": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg133205.html",
"refsource": "MISC",
"name": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg133205.html"
},
{
"name": "[netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832"
}
]
}
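Review bot: The rewritten reference list in this record drops information that triage tooling keys on: every `refsource` becomes `MISC` and each `name` is replaced by a copy of the URL, so the oss-security and netdev entries lose their `MLIST` tag and subject line and the Bugzilla entry loses `CONFIRM`. I would keep the typed form, e.g. `"refsource": "MLIST"` with `"name": "[netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()"`, so a consumer can still tell a vendor confirmation from a third-party link. The mail-archive URL also changes from `netdev@vger.kernel.org` to `netdev%40vger.kernel.org`; that is probably equivalent, but consumers that de-duplicate references by exact URL string will treat it as a new reference. The same flattening appears in the sections for CVE-2016-8636, CVE-2016-8642, CVE-2016-8649 and CVE-2016-8668.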


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8636",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "96189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96189"
},
{
"name": "[oss-security] 20170211 CVE publication request - CVE 2016-8636",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
},
{
"name": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66",
"refsource": "MISC",
"url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
"url": "http://www.openwall.com/lists/oss-security/2017/02/11/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
},
{
"name": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
"url": "http://www.securityfocus.com/bid/96189",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/96189"
},
{
"url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/",
"refsource": "MISC",
"name": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
},
{
"url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions."
"value": "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\""
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Authentication",
"cweId": "CWE-287"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.0.0-13.el7_3",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -64,21 +63,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94439"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:2809",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2809"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8638",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8638"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638",
"refsource": "MISC",
@ -100,50 +84,5 @@
"name": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Howard Johnson and Patrick Uiterwijk (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
]
}
}
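Review bot: This record (CVE-2016-8638, per its reference URLs) ends up with less security metadata than it started with: the `problemtype` entry goes from `"value": "Improper Authentication"` / `"cweId": "CWE-287"` to `"value": "n/a"`, and the last hunk removes the whole `credits` and `impact` blocks, so no CVSS score remains. The vendor and product data is replaced by `n/a` with `"version_affected": "="`, and the RHSA-2016:2809 erratum link is removed, which leaves scanners with no fixed-package version to compare against. I would keep `"cweId": "CWE-287"`, the `impact.cvss` entries and the erratum reference next to the new, more specific description. The sections whose reference URLs name CVE-2016-8646, CVE-2016-8650 and CVE-2016-8669 lose their CWE, version and CVSS data in the same way.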


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8641",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nagios",
"version": {
"version_data": [
{
"version_value": "4.2.x"
}
]
}
}
]
},
"vendor_name": "Nagios Enterprises"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,60 +15,87 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
"value": "CWE-59",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nagios Enterprises",
"product": {
"product_data": [
{
"product_name": "nagios",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.2.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "40774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40774/"
"url": "http://www.securityfocus.com/bid/95121",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95121"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch",
"refsource": "MISC",
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"name": "95121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95121"
"url": "https://security.gentoo.org/glsa/201702-26",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
"url": "https://www.exploit-db.com/exploits/40774/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/40774/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
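Review bot: The reference to `https://www.exploit-db.com/exploits/40774/` is retagged from `"refsource": "EXPLOIT-DB"` to `"refsource": "MISC"`, which removes the one field a consumer could use to tell that a public exploit is referenced for this record; I would keep `"refsource": "EXPLOIT-DB"` and `"name": "40774"` on that entry. The `impact` rewrite fixes the malformed nested-array form, but it keeps only the CVSS 3.0 vector and drops the 2.0 one (`AV:L/AC:M/Au:N/C:P/I:P/A:P`, score 4.4), so tooling that still reads v2 has no score. `"version_affected": "="` next to `"version_value": "4.2.x"` also reads as an exact match on the literal string `4.2.x`, which exact-match consumers will not resolve to any real 4.2 release. The CVE-2016-8648 section has the same CVSS 2.0 loss.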


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8642",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moodle 2.x and 3.x",
"version": {
"version_data": [
{
"version_value": "Moodle 2.x and 3.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle 2.x and 3.x",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Moodle 2.x and 3.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=343275",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=343275"
"url": "http://www.securityfocus.com/bid/94441",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94441"
},
{
"name": "94441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94441"
"url": "https://moodle.org/mod/forum/discuss.php?d=343275",
"refsource": "MISC",
"name": "https://moodle.org/mod/forum/discuss.php?d=343275"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set."
"value": "The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "n/a"
}
]
}
@ -32,31 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.21.1.rt56.438.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.21.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.221.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -105,64 +89,14 @@
"name": "https://access.redhat.com/errata/RHSA-2017:1308"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8646",
"url": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8646"
"name": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821"
},
{
"url": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8648",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Karaf",
"version": {
"version_data": [
{
"version_value": "As shipped with Jboss Fuse 6.x"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,45 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.2/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
"value": "CWE-502",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Karaf",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "As shipped with Jboss Fuse 6.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "94513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94513"
"url": "http://www.securityfocus.com/bid/94513",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94513"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8649",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXC before 1.0.9 and 2.x before 2.0.6",
"version": {
"version_data": [
{
"version_value": "LXC before 1.0.9 and 2.x before 2.0.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "LXC before 1.0.9 and 2.x before 2.0.6",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "LXC before 1.0.9 and 2.x before 2.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
"url": "http://www.securityfocus.com/bid/94498",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94498"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
},
{
"name": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c",
"refsource": "MISC",
"name": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-8649",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
},
{
"name": "94498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94498"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key."
"value": "The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "n/a"
}
]
}
@ -32,42 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.16.1.rt56.437.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.16.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-514.rt56.219.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -131,58 +104,14 @@
"name": "http://www.securityfocus.com/bid/94532"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8650",
"url": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8650"
"name": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187"
},
{
"url": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."
"value": "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"value": "CWE-20",
"cweId": "CWE-20"
}
]
@ -36,34 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.2",
"product_name": "OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "0:3.2.1.21-1.git.0.4250771.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.1.7-1.git.0.0988966.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 3.1",
"version": {
"version_data": [
{
"version_value": "0:3.1.1.10-1.git.0.efeef8d.el7aos",
"version_affected": "!"
"version_affected": "=",
"version_value": "3"
}
]
}
@ -86,16 +64,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2915"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8651",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8651"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397987",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1397987"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
"refsource": "MISC",
@ -105,27 +73,6 @@
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
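Review bot: The affected-product data is collapsed from three product streams, each with its fixed build marked `"version_affected": "!"`, into a single `"product_name": "OpenShift Enterprise"` entry with `"version_affected": "="` and `"version_value": "3"`. Read literally, that says only a version equal to `3` is affected, and the fixed builds (for example `0:3.3.1.7-1.git.0.0988966.el7`) are no longer recorded, so a scanner cannot decide whether an installed 3.x package is patched. I would keep the per-stream entries alongside the summary one. The `problemtype` text also changes from `Improper Input Validation` to `CWE-20`, which only repeats `cweId`, and the last hunk drops the CVSS 2.0 object.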


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8668",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/9"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
"url": "https://security.gentoo.org/glsa/201611-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: net: OOB buffer access in rocker switch emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/8"
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/14/8"
},
{
"name": "[qemu-devel] 20161012 [PATCH] net: rocker: set limit to DMA buffer size",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html"
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/10/15/9"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
"url": "http://www.securityfocus.com/bid/93566",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93566"
},
{
"name": "93566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93566"
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters"
"value": "The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Divide By Zero",
"cweId": "CWE-369"
"value": "n/a"
}
]
}
@ -32,82 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -164,61 +97,6 @@
"url": "http://www.securityfocus.com/bid/93563",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93563"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8669",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8669"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384909",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384909"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank PSIRT (Huawei Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-8909 Qemu: audio: intel-hda: infinite loop in processing dma buffer stream"
"value": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
"value": "n/a"
}
]
}
@ -32,82 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -160,66 +93,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93842"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8909",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8909"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank PSIRT (Huawei Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}
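Review bot: The problemtype entry of this record (CVE-2016-8909) ends up as `"value": "n/a"` with no `cweId`, and the affects block as vendor, product and version `"n/a"` under `"version_affected": "="`, although the description still names an infinite loop. Going by the last hunk header (`-160,66 +93,11`), the new side also drops `credits` and both `impact.cvss` entries. A consumer can then no longer match or rank this record from its own fields. I would keep `"value": "Loop with Unreachable Exit Condition ('Infinite Loop')"` with `"cweId": "CWE-835"`, and retain the CVSS objects unless they are published elsewhere. The CVE-2016-8910 section that follows shows the same regression, and the partially shown record before this one appears to as well.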


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode"
"value": "The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
"value": "n/a"
}
]
}
@ -32,82 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -160,66 +93,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93844"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-8910",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-8910"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388046",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388046"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrew Henderson (Intelligent Automation Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9580",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openjpeg2",
"version": {
"version_data": [
{
"version_value": "2.1.2"
}
]
}
}
]
},
"vendor_name": "The OpenJPEG Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,29 +15,14 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
"value": "CWE-190",
"cweId": "CWE-190"
}
]
},
@ -68,38 +30,81 @@
"description": [
{
"lang": "eng",
"value": "CWE-122"
"value": "CWE-122",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The OpenJPEG Project",
"product": {
"product_data": [
{
"product_name": "openjpeg2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/871",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/issues/871"
"url": "https://security.gentoo.org/glsa/201710-26",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
"url": "http://www.securityfocus.com/bid/94822",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94822"
},
{
"name": "94822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94822"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580"
"url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255",
"refsource": "MISC",
"name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255"
},
{
"name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255",
"refsource": "CONFIRM",
"url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255"
"url": "https://github.com/uclouvain/openjpeg/issues/871",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/issues/871"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
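Review bot: Every entry in `reference_data` now carries `"refsource": "MISC"` and repeats the URL as its `name`, where the printed old entries were tagged `CONFIRM`, `GENTOO` and `BID` with short names such as `GLSA-201710-26`. Triage tooling that prefers vendor-confirmed references, or groups advisories by source, loses that signal. I would keep the source tag where it is known, for example `"refsource": "CONFIRM"` on `https://github.com/uclouvain/openjpeg/issues/871`. The same flattening shows in the CVE-2016-9581, CVE-2017-12169, CVE-2017-12170, CVE-2017-12174 and CVE-2017-12189 sections. The +/- markers are lost on this page, so old and new sides are inferred from the hunk line counts.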


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9581",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openjpeg2",
"version": {
"version_data": [
{
"version_value": "2.1.2"
}
]
}
}
]
},
"vendor_name": "The OpenJPEG Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,29 +15,14 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835"
"value": "CWE-835",
"cweId": "CWE-835"
}
]
},
@ -68,38 +30,81 @@
"description": [
{
"lang": "eng",
"value": "CWE-122"
"value": "CWE-122",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The OpenJPEG Project",
"product": {
"product_data": [
{
"product_name": "openjpeg2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/872",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/issues/872"
"url": "https://security.gentoo.org/glsa/201710-26",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
"url": "http://www.securityfocus.com/bid/94822",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94822"
},
{
"name": "94822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94822"
"url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255",
"refsource": "MISC",
"name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581"
},
{
"name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255",
"refsource": "CONFIRM",
"url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255"
"url": "https://github.com/uclouvain/openjpeg/issues/872",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/issues/872"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
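Review bot: The rewritten `impact.cvss` array keeps only the 3.0 entry; the 2.0 vector printed in the old block (`4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P`) has no counterpart on the new side. That vector rated the issue as network-reachable while the retained one says `AV:L`, so dropping it also hides a disagreement a reader may want to see. If the 2.0 rating is still considered valid, I would carry it over in the same expanded form, e.g. `"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"`. The CVE-2016-9580 section above has the identical change.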


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An assertion failure issue was found in the Linux kernel's KVM hypervisor module built to support visualization on ARM64 architecture platforms. The failure could occur while accessing Performance Monitors Cycle Count Register (PMCCNTR) from a guest. A privileged guest user could use this flaw to crash the host kernel resulting in denial of service."
"value": "The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Reachable Assertion",
"value": "assert failure CWE-617",
"cweId": "CWE-617"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel before 4.9",
"version": {
"version_data": [
{
"version_value": "0:4.11.0-44.el7a",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel before 4.9"
}
]
}
@ -65,63 +65,14 @@
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11"
},
{
"url": "https://access.redhat.com/errata/RHEA-2017:3163",
"url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHEA-2017:3163"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12168",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12168"
"name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984"
},
{
"url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
}
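Review bot: The affected-version data on the new side disagrees with the new description: `product_name` and `version_value` are both `"Linux kernel before 4.9"` under `"version_affected": "="`, while the description says "before 4.8.11". The bound is also free text in a field the operator treats as an exact version, so automated matching cannot use it. I would write `"product_name": "Linux kernel"`, `"version_affected": "<"` and a `version_value` holding whichever bound is correct (the ChangeLog-4.8.11 reference suggests 4.8.11). The entry marked `"!"` for `0:4.11.0-44.el7a` and both CVSS objects printed at the end of this section appear to be removed as well.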


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-09-01T00:00:00",
"ID": "CVE-2017-12169",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ipa",
"version": {
"version_data": [
{
"version_value": "4.2.0 and later"
}
]
}
}
]
},
"vendor_name": "FreeIPA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-200"
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeIPA",
"product": {
"product_data": [
{
"product_name": "ipa",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.2.0 and later"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697"
"url": "http://www.securityfocus.com/bid/102136",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/102136"
},
{
"name": "102136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102136"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697"
}
]
}
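Review bot: `"version_affected": "="` is added next to `"version_value": "4.2.0 and later"`, which asserts an exact match on a string that describes an open-ended range. A scanner comparing installed versions against this record is unlikely to match anything. Expressing the bound through the operator, `"version_affected": ">="` with `"version_value": "4.2.0"`, keeps the meaning machine-readable. The CVE-2017-12174 section has the same pattern with `"before 2.4.0"`.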


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-14T00:00:00",
"ID": "CVE-2017-12170",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pure-ftpd",
"version": {
"version_data": [
{
"version_value": "Fedora downstream version pure-ftpd-1.0.46-1"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -51,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "pure-ftpd",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fedora downstream version pure-ftpd-1.0.46-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource."
"value": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"value": "CWE-284",
"cweId": "CWE-284"
}
]
@ -36,12 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "httpd",
"version": {
"version_data": [
{
"version_value": "0:2.2.15-60.el6_9.6",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.2.15-60"
}
]
}
@ -69,16 +69,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12171",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12171"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171",
"refsource": "MISC",
@ -86,12 +76,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank KAWAHARA Masashi for reporting this issue."
}
],
"impact": {
"cvss": [
{
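Review bot: The version entry now reads `"version_affected": "="` with `"version_value": "2.2.15-60"` under product `httpd`, and the printed old entry `"0:2.2.15-60.el6_9.6"` marked `"!"` is gone. That was the only version in the visible hunks flagged as not affected, so a reader can no longer tell from these fields which package level clears the regression. I would keep it as a second `version_data` element, `{ "version_affected": "!", "version_value": "0:2.2.15-60.el6_9.6" }`. The `impact` block continues outside the last hunk, so the CVSS data is not reviewed here.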


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-02-05T00:00:00",
"ID": "CVE-2017-12174",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HornetQ/Artemis",
"version": {
"version_data": [
{
"version_value": "before 2.4.0"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,73 +21,98 @@
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "HornetQ/Artemis",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before 2.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0479",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0479"
"url": "https://access.redhat.com/errata/RHSA-2018:0478",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0478"
},
{
"name": "RHSA-2018:0481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0481"
"url": "https://access.redhat.com/errata/RHSA-2018:0479",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0479"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174"
"url": "https://access.redhat.com/errata/RHSA-2018:0480",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0480"
},
{
"name": "RHSA-2018:0269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
"url": "https://access.redhat.com/errata/RHSA-2018:0481",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0481"
},
{
"name": "RHSA-2018:0270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
"url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
},
{
"name": "RHSA-2018:0271",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
"url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"
},
{
"name": "RHSA-2018:0268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
"url": "https://access.redhat.com/errata/RHSA-2018:0268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
"name": "RHSA-2018:0480",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0480"
"url": "https://access.redhat.com/errata/RHSA-2018:0269",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
"name": "RHSA-2018:0275",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
"url": "https://access.redhat.com/errata/RHSA-2018:0270",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
"name": "RHSA-2018:0478",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0478"
"url": "https://access.redhat.com/errata/RHSA-2018:0271",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118",
"url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2018:0275",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
"url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174"
}
]
}
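Review bot: The two lists.apache.org references lose their descriptive names: the old entries were tagged `MLIST` and named `[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118` (and the matching `CVE-2021-26117` one), while the new ones repeat the URL as `name`. Those names were the only hint that the threads announce other CVE IDs rather than this one, which matters when someone follows the link expecting material on CVE-2017-12174. I would keep the original `name` strings on those two entries. The `@` in both URLs is also rewritten to `%40`; that should resolve to the same thread but is worth a quick link check.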

File diff suppressed because it is too large Load Diff


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system."
"value": "arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun.\""
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"value": "CWE-121",
"cweId": "CWE-121"
}
]
@ -32,20 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.21.1.rt56.639.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.21.1.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel"
}
]
}
@ -73,16 +69,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0412"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12188",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12188"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380"
},
{
"url": "https://patchwork.kernel.org/patch/9996579/",
"refsource": "MISC",
@ -92,45 +78,11 @@
"url": "https://patchwork.kernel.org/patch/9996587/",
"refsource": "MISC",
"name": "https://patchwork.kernel.org/patch/9996587/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380"
}
]
}
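Review bot: `"version_value": "Linux kernel"` under `"version_affected": "="` repeats the product name instead of giving a version, while the new description bounds the issue as "through 4.13.5". The two el7 builds that the old block listed with `"!"` are dropped, and the hunk headed `-92,45 +78,11` appears to remove both CVSS objects too. I would state the bound in the version fields, `"version_affected": "<="` with `"version_value": "4.13.5"`, so the record stays usable for automated matching.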


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-10-09T00:00:00",
"ID": "CVE-2017-12189",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat JBoss Enterprise Application Platform",
"version": {
"version_data": [
{
"version_value": "7.0.7.GA"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-282"
"value": "CWE-282",
"cweId": "CWE-282"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat JBoss Enterprise Application Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.7.GA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"
"url": "http://www.securityfocus.com/bid/102407",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/102407"
},
{
"name": "RHSA-2018:0002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0002"
"url": "https://access.redhat.com/errata/RHSA-2018:0002",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0002"
},
{
"name": "RHSA-2018:0004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0004"
"url": "https://access.redhat.com/errata/RHSA-2018:0003",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0003"
},
{
"name": "RHSA-2018:0003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0003"
"url": "https://access.redhat.com/errata/RHSA-2018:0004",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0004"
},
{
"name": "RHSA-2018:0005",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0005"
"url": "https://access.redhat.com/errata/RHSA-2018:0005",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0005"
},
{
"name": "102407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102407"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition."
"value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"value": "CWE-400",
"cweId": "CWE-400"
}
]
@ -32,57 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "Linux kernel through v4.14-rc5",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.rt56.804.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-49.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.47.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.47.2.rt56.641.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel through v4.14-rc5"
}
]
}
@ -175,16 +134,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101911"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12190",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12190"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
},
{
"url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058",
"refsource": "MISC",
@ -199,30 +148,11 @@
"url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vitaly Mayatskih for reporting this issue."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
}
]
}
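Review bot: The replacement `version_data` entry in the `-32,57 +32,16` hunk pairs `"version_affected": "="` with the free-text value `"Linux kernel through v4.14-rc5"`, so a consumer that matches on an exact version string will never match an installed kernel, and that range text disagrees with the "before 4.13.8" wording in this record's description lines. The `product_name` field carries the same range text instead of a product. If 4.13.8 is the fixed release, as the description line printed second suggests, the entry would be better expressed as `"product_name": "Linux kernel"`, `"version_affected": "<"`, `"version_value": "4.13.8"`. The same `=`-with-range pattern appears in the sections for CVE-2017-12191 (`Through 5.9`), CVE-2017-12193, CVE-2017-12194, CVE-2017-12197, CVE-2017-15091, CVE-2017-15096 (`Prior to 3.10`) and CVE-2017-15097 (`all`). The hunk counts also show that the per-package fixed versions (entries with `"version_affected": "!"`) are dropped here, so patch-level matching has nothing left to key on.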


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"value": "Improper Access Control (CWE-284)",
"cweId": "CWE-284"
}
]
@ -32,40 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.8",
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "0:2.4.3.0-1.el7ae",
"version_affected": "!"
},
{
"version_value": "0:3.1.5-3.el7at",
"version_affected": "!"
},
{
"version_value": "0:5.8.3.4-1.el7cf",
"version_affected": "!"
},
{
"version_value": "0:9.4.15-3PGDG.el7at",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-16.el7at",
"version_affected": "!"
},
{
"version_value": "0:0.9.0-4.el7ae",
"version_affected": "!"
},
{
"version_value": "0:2.1.1-2.el7ae",
"version_affected": "!"
"version_affected": "=",
"version_value": "Through 5.9"
}
]
}
@ -83,40 +59,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0374"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12191",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500517",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500517"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Gellert Kis (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
]
}
}
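Review bot: The last hunk of this section (`-83,40 +59,11`) drops the whole `impact.cvss` object, so the record no longer carries the vector `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L` (base score 7.4, HIGH) and any triage that reads severity from this file sees an unscored entry. The `credits` array is removed by the same hunk. If the sync is meant to fall back to an earlier form of the record, the `impact` block should still be kept, or the commit description should say that severity now has to come from another source. The same removal is visible in the sections for CVE-2017-12190, CVE-2017-12192, CVE-2017-12193, CVE-2017-15085, CVE-2017-15086, CVE-2017-15087, CVE-2017-15096, CVE-2017-15103 and CVE-2017-15104.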


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel."
"value": "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "n/a"
}
]
}
@ -32,46 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.30.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.17.1.rt56.636.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.17.1.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-49.el7a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -94,56 +63,21 @@
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3583-2/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0654",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0151",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"
},
{
"url": "http://seclists.org/oss-sec/2017/q4/63",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2017/q4/63"
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:2430",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:2430"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12192",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12192"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
},
{
"url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678",
"refsource": "MISC",
@ -153,24 +87,11 @@
"url": "https://lkml.org/lkml/2017/9/18/764",
"refsource": "MISC",
"name": "https://lkml.org/lkml/2017/9/18/764"
}
]
},
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
}
]
}
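Review bot: The `-21,8 +21,7` hunk replaces the problem type `NULL Pointer Dereference` with `"cweId": "CWE-476"` by the single line `"value": "n/a"`, which removes the only machine-readable weakness class from a record whose description still reports an OOPS and system crash. Unless the CWE mapping is being withdrawn on purpose, the entry should keep the form this commit uses in other records: `"value": "CWE-476",` followed by `"cweId": "CWE-476"`. The CVE-2017-15096 section has a similar loss, where `"cweId": "CWE-119"` is dropped and the free text `Null pointer dereference` is left without any `cweId`. The `-32,46 +31,16` hunk also reduces vendor and product to `n/a`, so outside the description text the record no longer names the Linux kernel.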


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. This affects the keyring key type and thus key addition and link creation operations may cause the kernel to panic."
"value": "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"value": "CWE-476",
"cweId": "CWE-476"
}
]
@ -32,31 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel since 3.13 up to 4.14 (not including)",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.17.1.rt56.636.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-693.17.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel since 3.13 up to 4.14 (not including)"
}
]
}
@ -74,16 +59,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0152",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:0181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"url": "https://usn.ubuntu.com/3698-1/",
"refsource": "MISC",
@ -110,43 +85,14 @@
"name": "http://www.securityfocus.com/bid/101678"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-12193",
"url": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-12193"
"name": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215"
},
{
"url": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Heming Cui (University of Hong Kong), and Shixiong Zhao (University of Hong Kong) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2017-12194",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spice-gtk",
"version": {
"version_data": [
{
"version_value": "through 0.34"
}
]
}
}
]
},
"vendor_name": "freedesktop.org"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,33 +21,58 @@
"description": [
{
"lang": "eng",
"value": "CWE-121"
"value": "CWE-121",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "freedesktop.org",
"product": {
"product_data": [
{
"product_name": "spice-gtk",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "through 0.34"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-20"
"url": "http://www.securityfocus.com/bid/103413",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/103413"
},
{
"name": "USN-3659-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3659-1/"
"url": "https://security.gentoo.org/glsa/201811-20",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201811-20"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200"
"url": "https://usn.ubuntu.com/3659-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3659-1/"
},
{
"name": "103413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103413"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200"
}
]
}
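Review bot: In the `references` part of the `-45,33 +21,58` hunk every entry ends up with `"refsource": "MISC"` and a `name` that repeats the URL, so the typed sources (`GENTOO`, `UBUNTU`, `CONFIRM`, `BID`) and the advisory identifiers `GLSA-201811-20` and `USN-3659-1` are no longer present in the record. Consumers that use `CONFIRM` to pick out the vendor-acknowledged reference, or that join on advisory IDs, lose that signal. Keeping the original pair on such entries, for example `"name": "USN-3659-1"` with `"refsource": "UBUNTU"`, would preserve it while still allowing the key reordering. The sections for CVE-2017-12197 and CVE-2017-15091 flatten their references the same way.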

File diff suppressed because it is too large Load Diff


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-16T00:00:00",
"ID": "CVE-2017-12197",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libpam4j",
"version": {
"version_data": [
{
"version_value": "up to and including 1.8"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-863"
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "libpam4j",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to and including 1.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1165-1] libpam4j security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html"
"url": "https://access.redhat.com/errata/RHSA-2017:2904",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2904"
},
{
"name": "RHSA-2017:2904",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2904"
"url": "https://access.redhat.com/errata/RHSA-2017:2905",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2905"
},
{
"name": "RHSA-2017:2905",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2905"
"url": "https://access.redhat.com/errata/RHSA-2017:2906",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2906"
},
{
"name": "RHSA-2017:2906",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2906"
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html"
},
{
"name": "DSA-4025",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4025"
"url": "https://www.debian.org/security/2017/dsa-4025",
"refsource": "MISC",
"name": "https://www.debian.org/security/2017/dsa-4025"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
}
]
}


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Channel Accessible by Non-Endpoint",
"value": "CWE-300",
"cweId": "CWE-300"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"product_name": "Gluster Storage for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:4.6.3-8.el6rhs",
"version_affected": "!"
"version_affected": "=",
"version_value": "3.3"
}
]
}
@ -64,39 +64,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101554"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15085",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15085"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505787",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505787"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
}
}


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Channel Accessible by Non-Endpoint",
"value": "CWE-300",
"cweId": "CWE-300"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"product_name": "Gluster Storage for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:4.6.3-8.el6rhs",
"version_affected": "!"
"version_affected": "=",
"version_value": "3.3"
}
]
}
@ -64,39 +64,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3110"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15086",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15086"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505785",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505785"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
}
}


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"product_name": "Gluster Storage for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:4.6.3-8.el6rhs",
"version_affected": "!"
"version_affected": "=",
"version_value": "3.3"
}
]
}
@ -64,39 +64,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101556"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15087",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15087"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505788",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505788"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
}
}


@ -1,39 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-11-27T00:00:00",
"ID": "CVE-2017-15091",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerDNS Authoritative",
"version": {
"version_data": [
{
"version_value": "4.x up to and including 4.0.4"
},
{
"version_value": "3.x up to and including 3.4.11"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -48,23 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-863"
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PowerDNS",
"product": {
"product_data": [
{
"product_name": "PowerDNS Authoritative",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x up to and including 4.0.4"
},
{
"version_affected": "=",
"version_value": "3.x up to and including 3.4.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "101982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101982"
"url": "http://www.securityfocus.com/bid/101982",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/101982"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html",
"refsource": "MISC",
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2017-15096 glusterfs: Null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c"
"value": "A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "Null pointer dereference"
}
]
}
@ -32,50 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"product_name": "GlusterFS",
"version": {
"version_data": [
{
"version_value": "0:6.0-21.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.5 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:6.0-21.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:7.7-16.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:70.7.0-3.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:3.5.0.0-1.el7rhgs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:6.0-21.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Prior to 3.10"
}
]
}
@ -88,39 +53,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHEA-2019:3249",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHEA-2019:3249"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15096",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15096"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
}


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Link Resolution Before File Access ('Link Following')",
"value": "CWE-59",
"cweId": "CWE-59"
}
]
@ -36,129 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "postgresql init script",
"version": {
"version_data": [
{
"version_value": "0:9.2.23-3.el7_4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:9.4.14-2.el6",
"version_affected": "!"
},
{
"version_value": "0:9.5.9-4.el6",
"version_affected": "!"
},
{
"version_value": "0:9.6.5-2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
"version": {
"version_data": [
{
"version_value": "0:9.4.14-2.el6",
"version_affected": "!"
},
{
"version_value": "0:9.5.9-4.el6",
"version_affected": "!"
},
{
"version_value": "0:9.6.5-2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:9.4.14-2.el7",
"version_affected": "!"
},
{
"version_value": "0:9.5.9-4.el7",
"version_affected": "!"
},
{
"version_value": "0:9.6.5-2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS",
"version": {
"version_data": [
{
"version_value": "0:9.4.14-2.el7",
"version_affected": "!"
},
{
"version_value": "0:9.5.9-4.el7",
"version_affected": "!"
},
{
"version_value": "0:9.6.5-2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
"version": {
"version_data": [
{
"version_value": "0:9.4.14-2.el7",
"version_affected": "!"
},
{
"version_value": "0:9.5.9-4.el7",
"version_affected": "!"
},
{
"version_value": "0:9.6.5-2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization Engine 4.2",
"version": {
"version_data": [
{
"version_value": "0:9.5.9-4.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization Engine 4.3",
"version": {
"version_data": [
{
"version_value": "0:9.5.9-4.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "all"
}
]
}
@ -196,16 +79,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:3405"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2017-15097",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15097"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508985",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1508985"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097",
"refsource": "MISC",
@ -213,12 +86,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Pedro Barbosa (Red Hat) and the PostgreSQL project. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter."
}
],
"impact": {
"cvss": [
{

File diff suppressed because it is too large Load Diff


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security-check flaw was found in the way the Heketi server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
"value": "A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Heketi",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"product_name": "Heketi",
"version": {
"version_data": [
{
"version_value": "0:5.0.0-19.el7rhgs",
"version_affected": "!"
"version_affected": "=",
"version_value": "5.0"
}
]
}
@ -70,29 +70,5 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Markus Krell (NTT Security) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
"value": "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Files or Directories Accessible to External Parties",
"value": "CWE-552",
"cweId": "CWE-552"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Heketi",
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"product_name": "Heketi",
"version": {
"version_data": [
{
"version_value": "0:5.0.0-19.el7rhgs",
"version_affected": "!"
"version_affected": "=",
"version_value": "5.0"
}
]
}
@ -64,39 +64,15 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-15104"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
},
{
"url": "https://github.com/heketi/heketi/releases/tag/v5.0.1",
"refsource": "MISC",
"name": "https://github.com/heketi/heketi/releases/tag/v5.0.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Siddharth Sharma (Red Hat)."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
}
]
}
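Review bot: The record for this world-readable `heketi.json` password exposure appears to lose its severity and fix-boundary data. Going by the last hunk's header (39 old lines against 15 new), the `impact.cvss` block (`"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"`, base score 5.5) and the `credits` entry are not on the new side. The version entry now reads `"version_affected": "="` with `"version_value": "5.0"`, where the earlier entry named the package build `0:5.0.0-19.el7rhgs` with `"!"`, so a consumer triaging from this file alone can no longer tell which build is fixed. I would keep the `impact` object in the record, or, if this export format is not meant to carry it, document that consumers must take the score and fixed version from another source.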


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-19T00:00:00",
"ID": "CVE-2017-15107",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dnsmasq",
"version": {
"version_data": [
{
"version_value": "up to and including 2.78"
}
]
}
}
]
},
"vendor_name": "Simon Kelley"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,28 +21,53 @@
"description": [
{
"lang": "eng",
"value": "CWE-358"
"value": "CWE-358",
"cweId": "CWE-358"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Simon Kelley",
"product": {
"product_data": [
{
"product_name": "dnsmasq",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to and including 2.78"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[dnsmasq-discuss] 20180119 DNSSEC security fix.",
"refsource": "MLIST",
"url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html"
},
{
"name": "102812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102812"
"url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html",
"refsource": "MISC",
"name": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2669",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html"
"url": "http://www.securityfocus.com/bid/102812",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/102812"
}
]
}
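Review bot: The added `"version_affected": "="` sits next to `"version_value": "up to and including 2.78"`, so the entry claims an exact match against a free-text range, and a scanner comparing installed dnsmasq versions against it will match nothing. Putting the range in the operator, `"version_affected": "<="` with `"version_value": "2.78"`, keeps the entry machine-usable. On what appears to be the new side, every reference also carries `"refsource": "MISC"` with the URL repeated as `name`. That drops the MLIST/BID/SUSE typing and the `openSUSE-SU-2019:2669` advisory id that downstream tooling can key on.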


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}