From 9d9a192f2e90aed60619487af00295f17f7d1814 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 12 Feb 2023 23:01:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/0xxx/CVE-2016-0723.json | 229 +++--- 2016/0xxx/CVE-2016-0774.json | 199 ++--- 2016/0xxx/CVE-2016-0775.json | 79 +- 2016/0xxx/CVE-2016-0793.json | 87 +-- 2016/0xxx/CVE-2016-0794.json | 65 +- 2016/0xxx/CVE-2016-0795.json | 65 +- 2016/10xxx/CVE-2016-10163.json | 91 +-- 2016/10xxx/CVE-2016-10214.json | 85 +- 2016/1xxx/CVE-2016-1714.json | 176 +---- 2016/1xxx/CVE-2016-1905.json | 364 +-------- 2016/2xxx/CVE-2016-2094.json | 91 +-- 2016/2xxx/CVE-2016-2103.json | 48 +- 2016/2xxx/CVE-2016-2104.json | 58 +- 2016/2xxx/CVE-2016-2123.json | 116 +-- 2016/2xxx/CVE-2016-2143.json | 83 +- 2016/2xxx/CVE-2016-2145.json | 73 +- 2016/2xxx/CVE-2016-2173.json | 85 +- 2016/2xxx/CVE-2016-2183.json | 384 +-------- 2016/2xxx/CVE-2016-2184.json | 217 +++--- 2016/2xxx/CVE-2016-2185.json | 211 ++--- 2016/3xxx/CVE-2016-3093.json | 85 +- 2016/3xxx/CVE-2016-3094.json | 107 +-- 2016/3xxx/CVE-2016-3095.json | 85 +- 2016/6xxx/CVE-2016-6830.json | 67 +- 2016/6xxx/CVE-2016-6831.json | 67 +- 2016/6xxx/CVE-2016-6836.json | 97 +-- 2016/8xxx/CVE-2016-8608.json | 116 +-- 2016/8xxx/CVE-2016-8610.json | 294 +++---- 2016/8xxx/CVE-2016-8611.json | 122 +-- 2016/8xxx/CVE-2016-8612.json | 140 +--- 2016/8xxx/CVE-2016-8630.json | 75 +- 2016/8xxx/CVE-2016-8631.json | 45 +- 2016/8xxx/CVE-2016-8632.json | 79 +- 2016/8xxx/CVE-2016-8636.json | 107 +-- 2016/8xxx/CVE-2016-8638.json | 73 +- 2016/8xxx/CVE-2016-8641.json | 122 +-- 2016/8xxx/CVE-2016-8642.json | 67 +- 2016/8xxx/CVE-2016-8646.json | 82 +- 2016/8xxx/CVE-2016-8648.json | 104 +-- 2016/8xxx/CVE-2016-8649.json | 91 +-- 2016/8xxx/CVE-2016-8650.json | 87 +-- 2016/8xxx/CVE-2016-8651.json | 63 +- 2016/8xxx/CVE-2016-8668.json | 91 +-- 2016/8xxx/CVE-2016-8669.json | 134 +--- 2016/8xxx/CVE-2016-8909.json | 134 +--- 2016/8xxx/CVE-2016-8910.json | 134 +--- 2016/9xxx/CVE-2016-9580.json | 125 +-- 2016/9xxx/CVE-2016-9581.json | 125 +-- 2017/12xxx/CVE-2017-12168.json | 65 +- 
2017/12xxx/CVE-2017-12169.json | 71 +- 2017/12xxx/CVE-2017-12170.json | 62 +- 2017/12xxx/CVE-2017-12171.json | 26 +- 2017/12xxx/CVE-2017-12174.json | 131 ++-- 2017/12xxx/CVE-2017-12175.json | 1140 +-------------------------- 2017/12xxx/CVE-2017-12188.json | 66 +- 2017/12xxx/CVE-2017-12189.json | 95 +-- 2017/12xxx/CVE-2017-12190.json | 90 +-- 2017/12xxx/CVE-2017-12191.json | 63 +- 2017/12xxx/CVE-2017-12192.json | 99 +-- 2017/12xxx/CVE-2017-12193.json | 70 +- 2017/12xxx/CVE-2017-12194.json | 83 +- 2017/12xxx/CVE-2017-12195.json | 1327 +------------------------------- 2017/12xxx/CVE-2017-12197.json | 95 +-- 2017/15xxx/CVE-2017-15085.json | 38 +- 2017/15xxx/CVE-2017-15086.json | 38 +- 2017/15xxx/CVE-2017-15087.json | 38 +- 2017/15xxx/CVE-2017-15091.json | 78 +- 2017/15xxx/CVE-2017-15096.json | 75 +- 2017/15xxx/CVE-2017-15097.json | 141 +--- 2017/15xxx/CVE-2017-15100.json | 1160 +--------------------------- 2017/15xxx/CVE-2017-15103.json | 36 +- 2017/15xxx/CVE-2017-15104.json | 44 +- 2017/15xxx/CVE-2017-15107.json | 77 +- 2023/0xxx/CVE-2023-0795.json | 18 + 74 files changed, 2383 insertions(+), 8567 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0795.json diff --git a/2016/0xxx/CVE-2016-0723.json b/2016/0xxx/CVE-2016-0723.json index fc4485a34dd..40e6870292c 100644 --- a/2016/0xxx/CVE-2016-0723.json +++ b/2016/0xxx/CVE-2016-0723.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-0723", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,152 +27,176 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-0723", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { - "name": "USN-2930-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2930-1" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { - "name": "USN-2967-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2967-1" + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253" + "url": 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439" }, { - "name": "USN-2930-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2930-2" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" }, { - "name": "DSA-3503", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3503" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { - "name": "USN-2967-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2967-2" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" }, { - "name": "SUSE-SU-2016:1764", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439" + "url": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "MISC", + "name": 
"http://source.android.com/security/bulletin/2016-07-01.html" }, { - "name": "USN-2930-3", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2930-3" + "url": "http://www.debian.org/security/2016/dsa-3448", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3448" }, { - "name": "SUSE-SU-2016:1102", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + "url": "http://www.debian.org/security/2016/dsa-3503", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3503" }, { - "name": "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource": "CONFIRM", - "url": "http://source.android.com/security/bulletin/2016-07-01.html" + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { - "name": "USN-2929-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2929-1" + "url": "http://www.securityfocus.com/bid/82950", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/82950" }, { - "name": "USN-2932-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2932-1" + "url": "http://www.securitytracker.com/id/1035695", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1035695" }, { - "name": "82950", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/82950" + "url": "http://www.ubuntu.com/usn/USN-2929-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2929-1" }, { - "name": "FEDORA-2016-5d43766e33", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" + "url": "http://www.ubuntu.com/usn/USN-2929-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2929-2" }, { - "name": "SUSE-SU-2016:2074", - "refsource": "SUSE", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + "url": "http://www.ubuntu.com/usn/USN-2930-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2930-1" }, { - "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + "url": "http://www.ubuntu.com/usn/USN-2930-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2930-2" }, { - "name": "1035695", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1035695" + "url": "http://www.ubuntu.com/usn/USN-2930-3", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2930-3" }, { - "name": "USN-2948-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2948-1" + "url": "http://www.ubuntu.com/usn/USN-2932-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2932-1" }, { - "name": "DSA-3448", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3448" + "url": "http://www.ubuntu.com/usn/USN-2948-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2948-1" }, { - "name": "openSUSE-SU-2016:1008", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" + "url": "http://www.ubuntu.com/usn/USN-2948-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2948-2" }, { - "name": "USN-2929-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2929-2" + "url": "http://www.ubuntu.com/usn/USN-2967-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2967-1" }, { - "name": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439" + "url": "http://www.ubuntu.com/usn/USN-2967-2", + "refsource": 
"MISC", + "name": "http://www.ubuntu.com/usn/USN-2967-2" }, { - "name": "USN-2948-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2948-2" + "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439" }, { - "name": "FEDORA-2016-2f25d12c51", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" + "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2016-0723" }, { - "name": "SUSE-SU-2016:0911", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + "url": "https://support.f5.com/csp/article/K43650115", + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K43650115" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K43650115", - "url": "https://support.f5.com/csp/article/K43650115" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253" } ] } diff --git a/2016/0xxx/CVE-2016-0774.json b/2016/0xxx/CVE-2016-0774.json index 24723ef6b8b..918afd7c631 100644 --- a/2016/0xxx/CVE-2016-0774.json +++ b/2016/0xxx/CVE-2016-0774.json 
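Review bot: Every reference in this hunk is rewritten to `"refsource": "MISC"` with the URL repeated as `name`, so the record loses the source classification and advisory identifiers it carried before (`CONFIRM`, `UBUNTU` with `USN-2930-1`, `DEBIAN` with `DSA-3503`, `SUSE`, `FEDORA`, `BID`, `SECTRACK`). Consumers that key on `refsource` to separate vendor-confirmed fixes from third-party reports, or that match advisories by `name`, will silently stop matching after this sync. The same flattening appears in the reference hunks of CVE-2016-0774, CVE-2016-0775, CVE-2016-0793 (where the `EXPLOIT-DB` entry `39573` becomes `MISC`) and the visible part of CVE-2016-10163. If the flattening is an intended result of the format migration, say so in the commit message so downstream tooling can derive the source from the URL host; otherwise keep the original pairs, e.g. `"name": "DSA-3503", "refsource": "DEBIAN"`.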
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-0774",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,127 +27,151 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-2967-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2967-1" + "url": "http://www.ubuntu.com/usn/USN-2968-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2968-1" }, { - "name": "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource": "CONFIRM", - "url": "http://source.android.com/security/bulletin/2016-05-01.html" + "url": "http://www.ubuntu.com/usn/USN-2968-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2968-2" }, { - "name": "SUSE-SU-2016:1038", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { - "name": "SUSE-SU-2016:1033", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" + "url": "http://www.debian.org/security/2016/dsa-3503", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3503" }, { - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + "url": "http://www.ubuntu.com/usn/USN-2967-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2967-1" }, { - "name": "DSA-3503", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3503" + "url": "http://www.ubuntu.com/usn/USN-2967-2", + 
"refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2967-2" }, { - "name": "SUSE-SU-2016:1034", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" + "url": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "MISC", + "name": "http://source.android.com/security/bulletin/2016-05-01.html" }, { - "name": "USN-2967-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2967-2" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { - "name": "RHSA-2016:0494", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0494.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { - "name": "USN-2968-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2968-1" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { - "name": "SUSE-SU-2016:1035", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { - "name": "SUSE-SU-2016:1031", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { - "name": 
"SUSE-SU-2016:1037", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { - "name": "SUSE-SU-2016:1045", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { - "name": "USN-2968-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2968-2" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { - "name": "SUSE-SU-2016:1032", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { - "name": "SUSE-SU-2016:1039", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { - "name": "RHSA-2016:0617", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-0617.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { - "name": 
"https://security-tracker.debian.org/tracker/CVE-2016-0774", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-0774" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { - "name": "SUSE-SU-2016:1041", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0494.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0494.html" }, { - "name": "SUSE-SU-2016:1046", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-0617.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-0617.html" }, { - "name": "84126", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/84126" + "url": "http://www.securityfocus.com/bid/84126", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/84126" }, { - "name": "SUSE-SU-2016:1040", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" + "url": "https://security-tracker.debian.org/tracker/CVE-2016-0774", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2016-0774" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961" } ] } diff --git a/2016/0xxx/CVE-2016-0775.json b/2016/0xxx/CVE-2016-0775.json index 227d468f4cc..883a153a0ac 100644 --- a/2016/0xxx/CVE-2016-0775.json +++ b/2016/0xxx/CVE-2016-0775.json 
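Review bot: The `affects` block re-added near the top of this hunk pairs `"version_affected": "="` with `"version_value": "n/a"`, which expresses an exact-match constraint on a placeholder instead of "unknown"; the previous revision carried only `"version_value": "n/a"`. Depending on how a matcher treats the placeholder, it may evaluate this as a concrete version that no installed package equals and report the product as unaffected. I would drop the `"version_affected": "=",` line wherever the value is `n/a`, as the old record did. The same pair is added in the second hunks of CVE-2016-0723, CVE-2016-0775, CVE-2016-0793 and CVE-2016-10163, and in the `affects` hunks of CVE-2016-0794 and CVE-2016-0795.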
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-0775",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "GLSA-201612-52", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-52" + "url": "http://www.debian.org/security/2016/dsa-3499", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3499" }, { - "name": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b", - "refsource": "CONFIRM", - "url": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b" + "url": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst", + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst" }, { - "name": "DSA-3499", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3499" + "url": "https://security.gentoo.org/glsa/201612-52", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201612-52" }, { - "name": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst", - "refsource": "CONFIRM", - "url": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst" + "url": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b", + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b" } ] } diff --git a/2016/0xxx/CVE-2016-0793.json b/2016/0xxx/CVE-2016-0793.json index 202387c8396..2a35fa21e9a 100644 --- a/2016/0xxx/CVE-2016-0793.json +++ b/2016/0xxx/CVE-2016-0793.json 
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-0793",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us", - "refsource": "CONFIRM", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us" - }, - { - "name": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html", "refsource": "MISC", - "url": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html" + "name": "http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html" }, { - "name": "39573", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/39573/" + "url": "https://security.netapp.com/advisory/ntap-20180215-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20180215-0001/" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937" + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us" }, { - "name": "https://security.netapp.com/advisory/ntap-20180215-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180215-0001/" + "url": "https://www.exploit-db.com/exploits/39573/", + "refsource": "MISC", + "name": 
"https://www.exploit-db.com/exploits/39573/"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305937"
 }
 ]
 }
diff --git a/2016/0xxx/CVE-2016-0794.json b/2016/0xxx/CVE-2016-0794.json
index 21dd99c36c7..c9598f4cf36 100644
--- a/2016/0xxx/CVE-2016-0794.json
+++ b/2016/0xxx/CVE-2016-0794.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
+ "value": "The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "n/a"
 }
 ]
 }
@@ -32,28 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:0.5.1-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "1:5.0.6.2-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.12.1-1.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
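Review bot: This sync strips enrichment from CVE-2016-0794 instead of adding to it: the problem type goes from `"cweId": "CWE-119"` to `"value": "n/a"`, and the Red Hat product entry with its four package versions (marked `"version_affected": "!"`) is replaced by `n/a`. The later hunks of this file also drop three Red Hat references (including `RHSA-2016:2579`) and the whole `impact.cvss` block (base score 6.8, `AV:N/AC:M/Au:N/C:P/I:P/A:P`), and CVE-2016-0795 receives the identical treatment. Triage pipelines that read severity, CWE or fixed-version data from these records will see both CVEs as unscored and unclassified after the update. It looks as if an earlier contribution is being overwritten by the base record, which is worth confirming before this lands; at minimum I would retain `"cweId": "CWE-119"` and the `impact` block.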
@@ -101,21 +88,6 @@
 "refsource": "MISC",
 "name": "http://www.ubuntu.com/usn/USN-2899-1"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:2579",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:2579"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-0794",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-0794"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609"
- },
 {
 "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/",
 "refsource": "MISC",
@@ -137,30 +109,5 @@
 "name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1222"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.8,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2016/0xxx/CVE-2016-0795.json b/2016/0xxx/CVE-2016-0795.json
index 2042f404e2f..2f114e3fd7b 100644
--- a/2016/0xxx/CVE-2016-0795.json
+++ b/2016/0xxx/CVE-2016-0795.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
+ "value": "LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "n/a"
 }
 ]
 }
@@ -32,28 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:0.5.1-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.3-1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "1:5.0.6.2-3.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.12.1-1.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -101,21 +88,6 @@
 "refsource": "MISC",
 "name": "http://www.ubuntu.com/usn/USN-2899-1"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:2579",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:2579"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1306609"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-0795",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-0795"
- },
 {
 "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/",
 "refsource": "MISC",
@@ -127,30 +99,5 @@
 "name": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1223"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.8,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10163.json b/2016/10xxx/CVE-2016-10163.json
index 60328240eb2..63b4a98885a 100644
--- a/2016/10xxx/CVE-2016-10163.json
+++ b/2016/10xxx/CVE-2016-10163.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-10163",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,37 +27,61 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "GLSA-201707-06",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201707-06"
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/24/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2017/01/24/2"
 },
 {
- "name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
- "refsource": "MLIST",
- "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/25/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2017/01/25/4"
 },
 {
- "name": "[oss-security] 20170124 CVE request Virglrenderer: host memory leakage when creating decode context",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2017/01/24/2"
+ "url": "http://www.securityfocus.com/bid/95784",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/95784"
 },
 {
- "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7",
- "refsource": "CONFIRM",
- "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7"
+ "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7",
+ "refsource": "MISC",
+ "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7"
 },
 {
- "name": "[oss-security] 20170125 Re: CVE request Virglrenderer: host memory leakage when creating decode context",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2017/01/25/4"
+ "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html",
+ "refsource": "MISC",
+ "name": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
 },
 {
- "name": "95784",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/95784"
+ "url": "https://security.gentoo.org/glsa/201707-06",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201707-06"
 }
 ]
 }
diff --git a/2016/10xxx/CVE-2016-10214.json b/2016/10xxx/CVE-2016-10214.json
index ba287fbaadc..a65bf804b25 100644
--- a/2016/10xxx/CVE-2016-10214.json
+++ b/2016/10xxx/CVE-2016-10214.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-10214",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
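Review bot: Every reference in the `@@ -50,37 +27,61 @@` hunk of CVE-2016-10163.json is relabelled `"refsource": "MISC"` and its `name` is overwritten with the URL, which discards the distinction between the vendor-confirmed fix (`CONFIRM` on the cgit.freedesktop.org commit) and third-party trackers, along with the readable mailing-list subjects. Triage tooling that looks for `CONFIRM` to locate the upstream patch will no longer find it. For the fix commit at least, `"refsource": "CONFIRM"` should stay. The same flattening is applied to the reference lists of CVE-2016-10214, CVE-2016-2094 and CVE-2016-2123 later in the diff.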
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "GLSA-201707-06", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201707-06" + "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html", + "refsource": "MISC", + "name": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" }, { - "name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", - "refsource": "MLIST", - "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" + "url": "https://security.gentoo.org/glsa/201707-06", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201707-06" }, { - "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837", - "refsource": "CONFIRM", - "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837" + "url": "http://www.openwall.com/lists/oss-security/2017/02/09/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/02/09/5" }, { - "name": "96181", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/96181" + "url": "http://www.securityfocus.com/bid/96181", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/96181" }, { - "name": "[oss-security] 20170208 Re: CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/02/09/5" + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837", + "refsource": "MISC", + "name": 
"https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837" } ] } diff --git a/2016/1xxx/CVE-2016-1714.json b/2016/1xxx/CVE-2016-1714.json index ac3bba5ed9f..45946738021 100644 --- a/2016/1xxx/CVE-2016-1714.json +++ b/2016/1xxx/CVE-2016-1714.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process." + "value": "The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Read", - "cweId": "CWE-125" + "value": "n/a" } ] } 
@@ -32,104 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "2:0.12.1.2-2.479.el6_7.4", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "10:1.5.3-105.el7_2.3", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", - "version": { - "version_data": [ - { - "version_value": "2:0.12.1.2-2.479.el6_7.4", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.3.0-31.el7_2.7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.3.0-31.el7_2.7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.3.0-31.el7_2.7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "RHEV 3.6 For IBM Power Systems", - "version": { - "version_data": [ - { - "version_value": "10:2.3.0-31.el7_2.7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", - "version": { - "version_data": [ - { - "version_value": "2:0.12.1.2-2.479.el6_7.4", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7", - "version": { - "version_data": [ - { - "version_value": "10:2.3.0-31.el7_2.7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -187,26 +98,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2016-0088.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0084", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0084" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0086", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0086" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0087", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0087" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0088", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0088" - }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-0081.html", "refsource": "MISC", 
@@ -252,66 +143,11 @@ "refsource": "MISC", "name": "http://www.securitytracker.com/id/1034858" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0081", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0081" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0082", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0082" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0083", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0083" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0085", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0085" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-1714", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-1714" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296060", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1296060" - }, { "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html", "refsource": "MISC", "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.9, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", - "version": "2.0" - } - ] } } \ No newline at end of file 
diff --git a/2016/1xxx/CVE-2016-1905.json b/2016/1xxx/CVE-2016-1905.json index f75dd76886e..ce6d588136e 100644 --- a/2016/1xxx/CVE-2016-1905.json +++ b/2016/1xxx/CVE-2016-1905.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space." + "value": "The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Authorization", - "cweId": "CWE-285" + "value": "n/a" } ] } 
@@ -32,327 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat OpenShift Enterprise 3.0", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.0.2.0-0.git.45.423f434.el7ose", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Enterprise 3.1", - "version": { - "version_data": [ - { - "version_value": "0:3.1.1.6-1.git.0.b57e8bd.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.18.2-3.gitaf4752e.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.625.3-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.3.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.8.2-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.4.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.4.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.3.2-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.4.2-1.el7aos", - "version_affected": "!" 
- }, - { - "version_value": "0:1.1.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.2-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.3.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.4-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.8.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.3.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.2.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.3.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:5.2.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:4.1.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-6.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.2.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.1.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.1.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.9.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.4-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.9-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.6.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-2.el7aos", - "version_affected": "!" 
- }, - { - "version_value": "0:2.3.5-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.8.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:4.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.4.0-5.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.3.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.2.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.11-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.5-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.1-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.4.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:5.1.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.5-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.3.3-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.3.4-4.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.6.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.3-1.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:3.0.35-1.git.0.6a386dd.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-1.el7aos", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -370,51 +58,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2016:0070" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:0351", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:0351" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-1905", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-1905" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297910", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1297910" - }, { "url": "https://github.com/kubernetes/kubernetes/issues/19479", "refsource": "MISC", "name": "https://github.com/kubernetes/kubernetes/issues/19479" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "version": "2.0" - } - ] } } \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2094.json b/2016/2xxx/CVE-2016-2094.json index 558e6535397..8f2d06b4440 100644 --- a/2016/2xxx/CVE-2016-2094.json +++ b/2016/2xxx/CVE-2016-2094.json 
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-2094",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,37 +27,61 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "RHSA-2016:0599",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
 },
 {
- "name": "RHSA-2016:0596",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
 },
 {
- "name": "RHSA-2016:0595",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
 },
 {
- "name": "RHSA-2016:0598",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
+ "url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
 },
 {
- "name": "RHSA-2016:0597",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2103.json b/2016/2xxx/CVE-2016-2103.json
index 213e13fa211..4447d2a5c10 100644
--- a/2016/2xxx/CVE-2016-2103.json
+++ b/2016/2xxx/CVE-2016-2103.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users."
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
- "cweId": "CWE-79"
+ "value": "n/a"
 }
 ]
 }
@@ -32,16 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Satellite 5.7",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.3.8-134.el6sat",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -59,46 +58,11 @@
 "refsource": "MISC",
 "name": "http://rhn.redhat.com/errata/RHSA-2016-0590.html"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2016:0590",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0590"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-2103",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-2103"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305681",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305681"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2104.json b/2016/2xxx/CVE-2016-2104.json
index 5aa1bb01e23..7db38a9d9a1 100644
--- a/2016/2xxx/CVE-2016-2104.json
+++ b/2016/2xxx/CVE-2016-2104.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users."
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) or (6) tags."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
- "cweId": "CWE-79"
+ "value": "n/a"
 }
 ]
 }
@@ -32,16 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Satellite 5.7",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.3.8-134.el6sat",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -60,55 +59,14 @@
 "name": "http://rhn.redhat.com/errata/RHSA-2016-0590.html"
 },
 {
- "url": "https://access.redhat.com/errata/RHSA-2016:0590",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515",
 "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2016:0590"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2016-2104",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2016-2104"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1305677"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1313515"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Adam Willard (Raytheon Foreground Security) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
- "version": "2.0"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2123.json b/2016/2xxx/CVE-2016-2123.json
index ed27c1c8539..f99369731eb 100644
--- a/2016/2xxx/CVE-2016-2123.json
+++ b/2016/2xxx/CVE-2016-2123.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-2123",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "samba",
- "version": {
- "version_data": [
- {
- "version_value": "versions 4.0.0 to 4.5.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -38,55 +15,82 @@
 }
 ]
 },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
- }
- ],
- [
- {
- "vectorString": "7.9/AV:A/AC:M/Au:N/C:C/I:C/A:C",
- "version": "2.0"
- }
- ]
- ]
- },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-122"
+ "value": "CWE-122",
+ "cweId": "CWE-122"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "[UNKNOWN]",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "samba",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "versions 4.0.0 to 4.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://www.samba.org/samba/security/CVE-2016-2123.html",
- "refsource": "CONFIRM",
- "url": "https://www.samba.org/samba/security/CVE-2016-2123.html"
+ "url": "http://www.securityfocus.com/bid/94970",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/94970"
 },
 {
- "name": "94970",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/94970"
+ "url": "http://www.securitytracker.com/id/1037493",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1037493"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123"
 },
 {
- "name": "1037493",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1037493"
+ "url": "https://www.samba.org/samba/security/CVE-2016-2123.html",
+ "refsource": "MISC",
+ "name": "https://www.samba.org/samba/security/CVE-2016-2123.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2143.json b/2016/2xxx/CVE-2016-2143.json
index 220d603a90d..b3c8090117c 100644
--- a/2016/2xxx/CVE-2016-2143.json
+++ b/2016/2xxx/CVE-2016-2143.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process."
+ "value": "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "n/a"
 }
 ]
 }
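Review bot: The re-added `affects` block in the `@@ -38,55 +15,82 @@` hunk of CVE-2016-2123.json marks a free-text range as an exact match: `"version_affected": "="` next to `"version_value": "versions 4.0.0 to 4.5.2"`. A consumer that honours `=` will compare installed Samba versions with that literal string and never match, so affected hosts may go unreported. Splitting the range into bounds would express it, e.g. one entry with `"version_affected": ">="`, `"version_value": "4.0.0"` and one with `"version_affected": "<="`, `"version_value": "4.5.2"`. The same hunk rewrites `impact` into a well-formed CVSS 3.0 object but no longer carries the CVSS 2.0 vector that the old side had.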
@@ -32,27 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:2.6.32-642.11.1.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:3.10.0-327.28.2.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -105,11 +93,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2016-1539.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1539", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1539" - }, { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1", "refsource": "MISC", @@ -125,21 +108,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2016-2766.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2766", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2766" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-2143", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-2143" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308908", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308908" - }, { "url": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1", "refsource": "MISC", 
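Review bot: In the `affects` hunk for CVE-2016-2143 the per-product entries marked `!` are replaced by `"version_affected": "="` with `"version_value": "n/a"`, which carries no usable version information even though the description rewritten in the same file says the Linux kernel before 4.5 on s390 is affected. Something like `"product_name": "Linux kernel"` with `"version_affected": "<", "version_value": "4.5"` would carry that into the structured fields. The neighbouring hunks for this file also drop `"cweId": "CWE-119"` and the whole `impact` block, so anyone triaging from this record alone loses the weakness class and both CVSS scores. The same `=`/`n/a` pair is added in the CVE-2016-2145, CVE-2016-2173, CVE-2016-2183, CVE-2016-2184 and CVE-2016-2185 hunks.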
@@ -151,44 +119,5 @@ "name": "https://security-tracker.debian.org/tracker/CVE-2016-2143" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "LOCAL", - "authentication": "NONE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.2, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "COMPLETE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "COMPLETE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2145.json b/2016/2xxx/CVE-2016-2145.json index 4814c5fd1a6..f9422b24afe 100644 --- a/2016/2xxx/CVE-2016-2145.json +++ b/2016/2xxx/CVE-2016-2145.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2145", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,22 +27,46 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1", - "refsource": "MLIST", - "url": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html" }, { - "name": "https://github.com/UNINETT/mod_auth_mellon/pull/71", - "refsource": "CONFIRM", - "url": "https://github.com/UNINETT/mod_auth_mellon/pull/71" + "url": "https://github.com/UNINETT/mod_auth_mellon/pull/71", + "refsource": "MISC", + "name": "https://github.com/UNINETT/mod_auth_mellon/pull/71" }, { - "name": "FEDORA-2016-5cf6959198", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html" + "url": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html", + "refsource": "MISC", + "name": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html" } ] } diff --git a/2016/2xxx/CVE-2016-2173.json b/2016/2xxx/CVE-2016-2173.json index ed827f539c4..cb02c0ef3c5 100644 --- a/2016/2xxx/CVE-2016-2173.json +++ b/2016/2xxx/CVE-2016-2173.json 
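Review bot: Every reference in this hunk is relabelled `"refsource": "MISC"` and its `name` becomes a copy of the URL, so the record no longer distinguishes the upstream fix from third-party notices and loses the advisory identifier. Keeping `"refsource": "CONFIRM"` on `https://github.com/UNINETT/mod_auth_mellon/pull/71` and `"name": "FEDORA-2016-5cf6959198"` on the Fedora entry would preserve both. The same flattening appears in the CVE-2016-2173, CVE-2016-2184 and CVE-2016-2185 reference hunks, where the exploit-db entry for CVE-2016-2184 ends up labelled the same as the vendor advisories. Filters that rely on `refsource` to spot vendor confirmation or public exploit references should be reviewed against the new values.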
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2173", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "FEDORA-2016-6cf17ad0df", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html" }, { - "name": "FEDORA-2016-005ac9cfd5", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html" }, { - "name": "https://pivotal.io/security/cve-2016-2173", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2016-2173" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205" + "url": "https://pivotal.io/security/cve-2016-2173", + "refsource": "MISC", + "name": "https://pivotal.io/security/cve-2016-2173" }, { - "name": "FEDORA-2016-f099190fee", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205", + "refsource": "MISC", + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1326205" } ] } diff --git a/2016/2xxx/CVE-2016-2183.json b/2016/2xxx/CVE-2016-2183.json index 27dbd50a8e4..23416224adb 100644 --- a/2016/2xxx/CVE-2016-2183.json +++ b/2016/2xxx/CVE-2016-2183.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite." + "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Use of a Broken or Risky Cryptographic Algorithm", - "cweId": "CWE-327" + "value": "n/a" } ] } 
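Review bot: The `problemtype` hunk for CVE-2016-2183 replaces the weakness with `"value": "n/a"` and drops `"cweId": "CWE-327"`, although the new description in the previous hunk still describes a weak-cipher problem (the DES/Triple DES birthday bound). Keeping `"value": "Use of a Broken or Risky Cryptographic Algorithm", "cweId": "CWE-327"` would let CWE-based reporting continue to find this record. The last hunk of the file also removes the `work_around` text (prefer AES over DES/3DES suites) and both CVSS entries, so that guidance now has to come from the vendor advisories still listed under `references`.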
@@ -32,280 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "JBoss Core Services on RHEL 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:2.4.23-122.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2h-14.jbcs.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "JBoss Core Services on RHEL 7", - "version": { - "version_data": [ - { - "version_value": "0:2.4.23-122.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2h-14.jbcs.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 5 Supplementary", - "version": { - "version_data": [ - { - "version_value": "1:1.7.0.10.1-1jpp.1.el5_11", - "version_affected": "!" - }, - { - "version_value": "1:1.6.0.16.41-1jpp.1.el5_11", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 6 Supplementary", - "version": { - "version_data": [ - { - "version_value": "1:1.7.1.4.1-1jpp.1.el6_8", - "version_affected": "!" - }, - { - "version_value": "1:1.6.0.16.41-1jpp.1.el6_8", - "version_affected": "!" - }, - { - "version_value": "1:1.8.0.4.1-1jpp.1.el6_8", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:2.7.5-69.el7_5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7 Supplementary", - "version": { - "version_data": [ - { - "version_value": "1:1.7.1.4.1-1jpp.2.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.8.0.4.1-1jpp.2.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", - "version": { - "version_data": [ - { - "version_value": "0:2.2.26-57.ep6.el6", - "version_affected": "!" 
- }, - { - "version_value": "1:1.0.2h-14.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "0:2.2.26-58.ep6.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2h-14.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", - "version": { - "version_data": [ - { - "version_value": "0:2.2.26-57.ep6.el6", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2h-14.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el6", - "version_affected": "!" - }, - { - "version_value": "0:6.0.41-19_patch_04.ep6.el6", - "version_affected": "!" - }, - { - "version_value": "0:7.0.54-28_patch_05.ep6.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "0:2.2.26-58.ep6.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2h-14.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2.13-9.Final_redhat_2.ep6.el7", - "version_affected": "!" - }, - { - "version_value": "0:6.0.41-19_patch_04.ep6.el7", - "version_affected": "!" - }, - { - "version_value": "0:7.0.54-28_patch_05.ep6.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 3.11", - "version": { - "version_data": [ - { - "version_value": "v3.11.141-2", - "version_affected": "!" - }, - { - "version_value": "v3.11.141-3", - "version_affected": "!" - }, - { - "version_value": "v3.11.141-1", - "version_affected": "!" 
- }, - { - "version_value": "v3.11.170-5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 4.1", - "version": { - "version_data": [ - { - "version_value": "v4.1.18-201909201915", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 4.5", - "version": { - "version_data": [ - { - "version_value": "v4.5.0-202009201759.p0", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 4.6", - "version": { - "version_data": [ - { - "version_value": "v4.6.0-202101300140.p0", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 4.8", - "version": { - "version_data": [ - { - "version_value": "v4.8.0-202107161820.p0.git.051ac4f.assembly.stream", - "version_affected": "!" - }, - { - "version_value": "v4.8.0-202107011817.p0.git.29813c8.assembly.stream", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Satellite 5.6", - "version": { - "version_data": [ - { - "version_value": "1:1.7.1.4.1-1jpp.1.el6_8", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Satellite 5.7", - "version": { - "version_data": [ - { - "version_value": "1:1.7.1.4.1-1jpp.1.el6_8", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -718,36 +453,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/articles/2548661" }, - { - "url": "https://access.redhat.com/errata/RHBA-2019:2581", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHBA-2019:2581" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1940", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1940" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0336", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0336" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0337", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0337" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0338", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0338" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0462", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0462" - }, { "url": "https://access.redhat.com/errata/RHSA-2017:1216", "refsource": "MISC", @@ -808,26 +513,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2020:0451" }, - { - "url": "https://access.redhat.com/errata/RHSA-2020:3842", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2020:3842" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2021:0308", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2021:0308" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2021:2438", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2021:2438" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-2183", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-2183" - }, { "url": "https://access.redhat.com/security/cve/cve-2016-2183", "refsource": "MISC", 
@@ -838,11 +523,6 @@ "refsource": "MISC", "name": "https://bto.bluecoat.com/security-advisory/sa133" }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" - }, { "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", "refsource": "MISC", 
@@ -1042,57 +722,11 @@ "url": "https://www.tenable.com/security/tns-2017-09", "refsource": "MISC", "name": "https://www.tenable.com/security/tns-2017-09" - } - ] - }, - "work_around": [ - { - "lang": "en", - "value": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961" - } - ], - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Ga\u00ebtan Leurent (Inria) and Karthikeyan Bhargavan (Inria) as the original reporters." 
- } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "version": "2.0" }, { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" } ] } diff --git a/2016/2xxx/CVE-2016-2184.json b/2016/2xxx/CVE-2016-2184.json index f3fb8f66a0a..71da8a77ef6 100644 --- a/2016/2xxx/CVE-2016-2184.json +++ b/2016/2xxx/CVE-2016-2184.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2184", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,142 +27,166 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-2971-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2971-2" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" }, { - "name": "SUSE-SU-2016:1690", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" }, { - "name": "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", - "refsource": "BUGTRAQ", - "url": "http://seclists.org/bugtraq/2016/Mar/89" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { - "name": "84340", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/84340" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { - "name": "USN-2970-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2970-1" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", + "refsource": "MISC", + "name": 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012" + "url": "http://www.debian.org/security/2016/dsa-3607", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3607" }, { - "name": "USN-2969-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2969-1" + "url": "http://www.ubuntu.com/usn/USN-2968-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2968-1" }, { - "name": "USN-2968-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2968-1" + "url": "http://www.ubuntu.com/usn/USN-2968-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2968-2" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be" + "url": "http://www.ubuntu.com/usn/USN-2969-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2969-1" }, { - "name": "USN-2971-3", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2971-3" + "url": "http://www.ubuntu.com/usn/USN-2970-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2970-1" }, { - "name": "USN-2997-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2997-1" + "url": "http://www.ubuntu.com/usn/USN-2971-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2971-1" }, { - "name": "SUSE-SU-2016:1764", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + "url": "http://www.ubuntu.com/usn/USN-2971-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2971-2" }, { - "name": "DSA-3607", - "refsource": "DEBIAN", - "url": 
"http://www.debian.org/security/2016/dsa-3607" + "url": "http://www.ubuntu.com/usn/USN-2971-3", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2971-3" }, { - "name": "USN-2971-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2971-1" + "url": "http://www.ubuntu.com/usn/USN-2996-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2996-1" }, { - "name": "SUSE-SU-2016:1707", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" + "url": "http://www.ubuntu.com/usn/USN-2997-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2997-1" }, { - "name": "USN-2996-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2996-1" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { - "name": "SUSE-SU-2016:1672", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { - "name": "SUSE-SU-2016:1019", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be" }, { - "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", - "refsource": "CONFIRM", - "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" + "url": "http://seclists.org/bugtraq/2016/Mar/102", + "refsource": "MISC", + "name": 
"http://seclists.org/bugtraq/2016/Mar/102" }, { - "name": "USN-2968-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2968-2" + "url": "http://seclists.org/bugtraq/2016/Mar/88", + "refsource": "MISC", + "name": "http://seclists.org/bugtraq/2016/Mar/88" }, { - "name": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be" + "url": "http://seclists.org/bugtraq/2016/Mar/89", + "refsource": "MISC", + "name": "http://seclists.org/bugtraq/2016/Mar/89" }, { - "name": "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource": "CONFIRM", - "url": "https://source.android.com/security/bulletin/2016-11-01.html" + "url": "http://www.securityfocus.com/bid/84340", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/84340" }, { - "name": "SUSE-SU-2016:2074", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + "url": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be" }, { - "name": "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)", - "refsource": "BUGTRAQ", - "url": "http://seclists.org/bugtraq/2016/Mar/88" + "url": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2016-11-01.html" }, { - "name": "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", - "refsource": "BUGTRAQ", - "url": "http://seclists.org/bugtraq/2016/Mar/102" + "url": "https://www.exploit-db.com/exploits/39555/", + 
"refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/39555/" }, { - "name": "openSUSE-SU-2016:1008", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", + "refsource": "MISC", + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" }, { - "name": "39555", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/39555/" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012" } ] } diff --git a/2016/2xxx/CVE-2016-2185.json b/2016/2xxx/CVE-2016-2185.json index c17312aede1..f12d7953ad6 100644 --- a/2016/2xxx/CVE-2016-2185.json +++ b/2016/2xxx/CVE-2016-2185.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2185", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,137 +27,161 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-2971-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2971-2" + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d" }, { - "name": "SUSE-SU-2016:1690", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html" }, { - "name": "84341", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/84341" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", + "refsource": "MISC", + "name": 
"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { - "name": "SUSE-SU-2016:1696", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { - "name": "USN-2970-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2970-1" + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362" + "url": "http://seclists.org/bugtraq/2016/Mar/116", + "refsource": "MISC", + "name": "http://seclists.org/bugtraq/2016/Mar/116" }, { - "name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)", - "refsource": "BUGTRAQ", - "url": "http://seclists.org/bugtraq/2016/Mar/90" + "url": "http://seclists.org/bugtraq/2016/Mar/90", + "refsource": "MISC", + "name": "http://seclists.org/bugtraq/2016/Mar/90" }, { - "name": "USN-2969-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2969-1" + "url": 
"http://www.debian.org/security/2016/dsa-3607", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3607" }, { - "name": "USN-2968-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2968-1" + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" }, { - "name": "USN-2971-3", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2971-3" + "url": "http://www.securityfocus.com/bid/84341", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/84341" }, { - "name": "USN-2997-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2997-1" + "url": "http://www.ubuntu.com/usn/USN-2968-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2968-1" }, { - "name": "SUSE-SU-2016:1764", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + "url": "http://www.ubuntu.com/usn/USN-2968-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2968-2" }, { - "name": "DSA-3607", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2016/dsa-3607" + "url": "http://www.ubuntu.com/usn/USN-2969-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2969-1" }, { - "name": "USN-2971-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2971-1" + "url": "http://www.ubuntu.com/usn/USN-2970-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2970-1" }, { - "name": "SUSE-SU-2016:1707", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" + "url": "http://www.ubuntu.com/usn/USN-2971-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2971-1" }, { - "name": "USN-2996-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2996-1" + "url": "http://www.ubuntu.com/usn/USN-2971-2", + "refsource": 
"MISC", + "name": "http://www.ubuntu.com/usn/USN-2971-2" }, { - "name": "SUSE-SU-2016:1672", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + "url": "http://www.ubuntu.com/usn/USN-2971-3", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2971-3" }, { - "name": "USN-2968-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2968-2" + "url": "http://www.ubuntu.com/usn/USN-2996-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2996-1" }, { - "name": "openSUSE-SU-2016:1382", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html" + "url": "http://www.ubuntu.com/usn/USN-2997-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2997-1" }, { - "name": "SUSE-SU-2016:2074", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362" }, { - "name": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" + "url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d" }, { - "name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB 
device descriptors (ati_remote2 driver)", - "refsource": "BUGTRAQ", - "url": "http://seclists.org/bugtraq/2016/Mar/116" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014" } ] } diff --git a/2016/3xxx/CVE-2016-3093.json b/2016/3xxx/CVE-2016-3093.json index a9a528f8bc1..db1c848ed7d 100644 --- a/2016/3xxx/CVE-2016-3093.json +++ b/2016/3xxx/CVE-2016-3093.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-3093", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
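Review bot: Every entry in `reference_data` is rewritten with `"refsource": "MISC"` and a `name` that only repeats the URL, so the advisory identifiers (`USN-2971-2`, `DSA-3607`, `SUSE-SU-2016:1690`) and the `CONFIRM` label on the kernel commit and Red Hat Bugzilla links are no longer in the record. Tooling that correlates by advisory ID or picks out vendor-confirmed fixes from this field can no longer tell these links apart. I would keep the typed form next to the URL, for example `"url": "http://www.debian.org/security/2016/dsa-3607", "refsource": "DEBIAN", "name": "DSA-3607"`. The same flattening recurs in the reference hunks for CVE-2016-3093, -3094, -3095, -6830, -6831, -6836, -8608 and -8610.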
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://struts.apache.org/docs/s2-034.html", - "refsource": "CONFIRM", - "url": "http://struts.apache.org/docs/s2-034.html" + "url": "http://struts.apache.org/docs/s2-034.html", + "refsource": "MISC", + "name": "http://struts.apache.org/docs/s2-034.html" }, { - "name": "90961", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/90961" + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", + "refsource": "MISC", + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { - "name": "1036018", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036018" + "url": "http://www.securityfocus.com/bid/90961", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/90961" }, { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" + "url": "http://www.securitytracker.com/id/1036018", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1036018" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E" } ] } 
diff --git a/2016/3xxx/CVE-2016-3094.json b/2016/3xxx/CVE-2016-3094.json index 7a258dfb2f8..e1398465b83 100644 --- a/2016/3xxx/CVE-2016-3094.json +++ b/2016/3xxx/CVE-2016-3094.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-3094", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://issues.apache.org/jira/browse/QPID-7271", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/QPID-7271" - }, - { - "name": "https://svn.apache.org/viewvc?view=revision&revision=1744403", - "refsource": "CONFIRM", - "url": "https://svn.apache.org/viewvc?view=revision&revision=1744403" - }, - { - "name": "1035982", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1035982" - }, - { - "name": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html", + "url": "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E", "refsource": "MISC", - "url": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html" + "name": "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E" }, { - "name": "http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html", - "refsource": "CONFIRM", - "url": "http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html" + "url": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html" }, { - "name": "20160527 [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability", - "refsource": "BUGTRAQ", - "url": "http://www.securityfocus.com/archive/1/538507/100/0/threaded" + "url": "http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html", + "refsource": "MISC", + "name": 
"http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html" }, { - "name": "[qpid-users] 20160527 [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability", - "refsource": "MLIST", - "url": "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E" + "url": "http://www.securityfocus.com/archive/1/538507/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/538507/100/0/threaded" + }, + { + "url": "http://www.securitytracker.com/id/1035982", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1035982" + }, + { + "url": "https://issues.apache.org/jira/browse/QPID-7271", + "refsource": "MISC", + "name": "https://issues.apache.org/jira/browse/QPID-7271" + }, + { + "url": "https://svn.apache.org/viewvc?view=revision&revision=1744403", + "refsource": "MISC", + "name": "https://svn.apache.org/viewvc?view=revision&revision=1744403" } ] } diff --git a/2016/3xxx/CVE-2016-3095.json b/2016/3xxx/CVE-2016-3095.json index 02ba51764f8..f0421a74c38 100644 --- a/2016/3xxx/CVE-2016-3095.json +++ b/2016/3xxx/CVE-2016-3095.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-3095", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca", - "refsource": "CONFIRM", - "url": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca" + "url": "http://www.openwall.com/lists/oss-security/2016/04/18/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/04/18/11" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html" }, { - "name": "[oss-security] 20160406 Pulp 2.8.2 release for CVE-2016-3095", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/04/06/3" + "url": "http://www.openwall.com/lists/oss-security/2016/04/06/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/04/06/3" }, { - "name": "FEDORA-2016-f75bd73891", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html" + "url": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca", + "refsource": "MISC", + "name": "https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca" }, { - "name": "[oss-security] 20160418 CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users", - "refsource": "MLIST", - "url": 
"http://www.openwall.com/lists/oss-security/2016/04/18/11" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322706" } ] } diff --git a/2016/6xxx/CVE-2016-6830.json b/2016/6xxx/CVE-2016-6830.json index d5cd739f687..7e640e78d8c 100644 --- a/2016/6xxx/CVE-2016-6830.json +++ b/2016/6xxx/CVE-2016-6830.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6830", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "92550", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92550" + "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html", + "refsource": "MISC", + "name": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { - "name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn", - "refsource": "MLIST", - "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" + "url": "http://www.securityfocus.com/bid/92550", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92550" } ] } 
diff --git a/2016/6xxx/CVE-2016-6831.json b/2016/6xxx/CVE-2016-6831.json index bc0143e363c..d6829c775e3 100644 --- a/2016/6xxx/CVE-2016-6831.json +++ b/2016/6xxx/CVE-2016-6831.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6831", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "92550", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92550" + "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html", + "refsource": "MISC", + "name": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { - "name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn", - "refsource": "MLIST", - "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" + "url": "http://www.securityfocus.com/bid/92550", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92550" } ] } diff --git a/2016/6xxx/CVE-2016-6836.json b/2016/6xxx/CVE-2016-6836.json index 741a4ca3fb8..c884ea6a646 100644 --- a/2016/6xxx/CVE-2016-6836.json +++ b/2016/6xxx/CVE-2016-6836.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6836", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "92444", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92444" + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf" + "url": "https://security.gentoo.org/glsa/201609-01", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201609-01" }, { - "name": "[oss-security] 20160812 CVE Request Qemu: Information leak in vmxnet3_complete_packet", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/08/11/5" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf" }, { - "name": "[oss-security] 20160817 Re: CVE Request Qemu: Information leak in vmxnet3_complete_packet", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/08/18/5" + "url": "http://www.openwall.com/lists/oss-security/2016/08/11/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/08/11/5" }, { - "name": "GLSA-201609-01", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201609-01" + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/5", + "refsource": "MISC", + "name": 
"http://www.openwall.com/lists/oss-security/2016/08/18/5" }, { - "name": "[qemu-devel] 20160811 [PATCH] net: vmxnet: initialise local tx descriptor", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html" + "url": "http://www.securityfocus.com/bid/92444", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/92444" }, { - "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html" } ] } diff --git a/2016/8xxx/CVE-2016-8608.json b/2016/8xxx/CVE-2016-8608.json index 393cf371430..c6dc6c68e18 100644 --- a/2016/8xxx/CVE-2016-8608.json +++ b/2016/8xxx/CVE-2016-8608.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8608", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "BRMS", - "version": { - "version_data": [ - { - "version_value": "6" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
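Review bot: The QEMU gitweb reference has its `;` separators percent-encoded, turning `?p=qemu.git;a=commit;h=…` into `?p=qemu.git%3Ba=commit%3Bh=…`. Gitweb uses `;` to separate query parameters, so the encoded form is presumably read as one long `p` value and the link to the fix commit may no longer resolve. I would keep the literal separators: `"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"`. The OpenSSL gitweb URL in the last CVE-2016-8610 hunk, which continues outside this view, is encoded the same way.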
@@ -38,55 +15,82 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "version": "3.0" - } - ], - [ - { - "vectorString": "5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79" + "value": "CWE-79", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "BRMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2016:2822", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2822.html" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2822.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2822.html" }, { - "name": "94568", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94568" + "url": "http://rhn.redhat.com/errata/RHSA-2016-2823.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2823.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608" + "url": "http://www.securityfocus.com/bid/94568", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94568" }, { - "name": "RHSA-2016:2823", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2016-2823.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8608" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": 
"LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8610.json b/2016/8xxx/CVE-2016-8610.json index 16735e61575..ce1b6e461cb 100644 --- a/2016/8xxx/CVE-2016-8610.json +++ b/2016/8xxx/CVE-2016-8610.json @@ -1,45 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2016-10-24T00:00:00", "ID": "CVE-2016-8610", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "OpenSSL", - "version": { - "version_data": [ - { - "version_value": "All 0.9.8" - }, - { - "version_value": "All 1.0.1" - }, - { - "version_value": "1.0.2 through 1.0.2h" - }, - { - "version_value": "1.1.0" - } - ] - } - } - ] - }, - "vendor_name": "OpenSSL" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
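Review bot: The new `impact.cvss` array keeps only the CVSS 3.0 entry; the CVSS 2.0 vector the old record carried (`5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N`) is removed without a replacement. Consumers that still rank on v2 scores lose the value for this CVE. I would add a second object to the array with `"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N"`, `"baseScore": 5.5` and `"version": "2.0"`.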
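Review bot: `CVE_data_meta` loses `"DATE_PUBLIC": "2016-10-24T00:00:00"` in this hunk, and nothing visible on the new side carries the disclosure date. Exposure-window and patch-latency calculations are anchored on that date, so I would keep the line: `"DATE_PUBLIC": "2016-10-24T00:00:00",`.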
@@ -54,94 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-400" + "value": "CWE-400", + "cweId": "CWE-400" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenSSL", + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All 0.9.8" + }, + { + "version_affected": "=", + "version_value": "All 1.0.1" + }, + { + "version_affected": "=", + "version_value": "1.0.2 through 1.0.2h" + }, + { + "version_affected": "=", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ - { - "name": "93841", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93841" - }, - { - "name": "RHSA-2017:1659", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html" - }, - { - "name": "RHSA-2017:1658", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1658" - }, - { - "name": "RHSA-2017:1801", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1801" - }, - { - "name": "RHSA-2017:0286", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html" - }, - { - "name": "RHSA-2017:1413", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1413" - }, - { - "name": "RHSA-2017:2494", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2494" - }, - { - "name": "FreeBSD-SA-16:35", - "refsource": "FREEBSD", - "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" - }, - { - "name": "RHSA-2017:1414", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1414" - }, - { - "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2016/q4/224" - }, - { - "name": "RHSA-2017:0574", - 
"refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" - }, - { - "name": "DSA-3773", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2017/dsa-3773" - }, - { - "name": "RHSA-2017:1415", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" - }, - { - "name": "1037084", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1037084" - }, - { - "name": "RHSA-2017:1802", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1802" - }, - { - "name": "RHSA-2017:2493", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2493" - }, { "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", 
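Review bot: The added `"version_affected": "="` is paired with free-text values such as `"1.0.2 through 1.0.2h"` and `"All 0.9.8"`, which describe ranges, not single versions. A matcher that honours the operator would test an installed version for equality with that string and report OpenSSL 1.0.2a to 1.0.2h as unaffected. Either leave the operator out for free-text values, as the old side did, or encode the bound, e.g. `"version_affected": "<=", "version_value": "1.0.2h"`. The `"n/a"` placeholder entries in the other `affects` blocks of this commit get the same `"="`, where it carries no meaning.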
@@ -168,39 +92,119 @@ "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { - "name": "https://security.netapp.com/advisory/ntap-20171130-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20171130-0001/" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" - }, - { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" - }, - { - "name": "https://security.360.cn/cve/CVE-2016-8610/", + "url": "https://security.360.cn/cve/CVE-2016-8610/", "refsource": "MISC", - "url": "https://security.360.cn/cve/CVE-2016-8610/" - }, - { - "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", - "refsource": "CONFIRM", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" - }, - { - "name": "https://security.paloaltonetworks.com/CVE-2016-8610", - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2016-8610" + "name": "https://security.360.cn/cve/CVE-2016-8610/" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0286.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" + }, + { + "url": 
"http://rhn.redhat.com/errata/RHSA-2017-1659.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-1659.html" + }, + { + "url": "http://seclists.org/oss-sec/2016/q4/224", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2016/q4/224" + }, + { + "url": "http://www.securityfocus.com/bid/93841", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93841" + }, + { + "url": "http://www.securitytracker.com/id/1037084", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037084" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:1413", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1413" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:1414", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1414" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:1658", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1658" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:1801", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1801" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:1802", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1802" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:2493", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2493" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2017:2494", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2494" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401", + "refsource": "MISC", + "name": 
"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401" + }, + { + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc", + "refsource": "MISC", + "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20171130-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20171130-0001/" + }, + { + "url": "https://security.paloaltonetworks.com/CVE-2016-8610", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2016-8610" + }, + { + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" + }, + { + "url": "https://www.debian.org/security/2017/dsa-3773", + "refsource": "MISC", + "name": "https://www.debian.org/security/2017/dsa-3773" } ] } diff --git a/2016/8xxx/CVE-2016-8611.json b/2016/8xxx/CVE-2016-8611.json index 3974f724b1c..0f83e20127a 100644 --- a/2016/8xxx/CVE-2016-8611.json +++ b/2016/8xxx/CVE-2016-8611.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8611", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openstack-glance", - "version": { - "version_data": [ - { - "version_value": "v1 and v2" - } - ] - } - } - ] - }, - "vendor_name": "The Openstack Foundation" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,60 +15,87 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" - } - ], - [ - { - "vectorString": "3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-400" + "value": "CWE-400", + "cweId": "CWE-400" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Openstack Foundation", + "product": { + "product_data": [ + { + "product_name": "openstack-glance", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1 and v2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611" + "url": "http://seclists.org/oss-sec/2016/q4/266", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2016/q4/266" }, { - "name": "1037312", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1037312" + "url": "http://www.securityfocus.com/bid/94378", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94378" }, { - "name": "94378", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94378" + "url": "http://www.securitytracker.com/id/1037312", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037312" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8611" }, { - "name": "[oss-security] 20161027 [OSSN-0076] Glance Image service v1 and v2 api 
image-create vulnerability", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2016/q4/266" + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05333384" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8612.json b/2016/8xxx/CVE-2016-8612.json index 378e15d7a1e..dcdefc24025 100644 --- a/2016/8xxx/CVE-2016-8612.json +++ b/2016/8xxx/CVE-2016-8612.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process." + "value": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation", + "value": "CWE-20", "cweId": "CWE-20" } ] 
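Review bot: Every reference in the CVE-2016-8611 hunk is re-tagged `"refsource": "MISC"` and its `name` is overwritten with a copy of the URL. That loses the distinction between vendor confirmation (`CONFIRM`), tracker identifiers (`BID` 94378, `SECTRACK` 1037312) and the oss-security post title. A consumer that ranks references by `refsource` can no longer tell an authoritative advisory from a third-party page. The same flattening appears in the CVE-2016-8610 hunks above and in CVE-2016-8632, -8636, -8641 and -8642 below; in CVE-2016-8641 the `EXPLOIT-DB` tag on the exploit-db.com entry disappears the same way. If the sync cannot carry the old tags, keeping the original short names (for example `"name": "1037312"`) would at least preserve the identifiers.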
@@ -32,91 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "Red Hat, Inc.", "product": { "product_data": [ { - "product_name": "JBoss Core Services on RHEL 6", + "product_name": "mod_cluster", "version": { "version_data": [ { - "version_value": "0:2.4.23-102.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:5.4-35.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-14.GA.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.3.5-13.Final_redhat_1.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.2.41-14.redhat_1.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-16.GA.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.9.1-18.GA.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.12.0-9.jbcs.el6", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2h-12.jbcs.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "JBoss Core Services on RHEL 7", - "version": { - "version_data": [ - { - "version_value": "0:2.4.23-102.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.4-35.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-14.GA.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3.5-13.Final_redhat_1.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2.41-14.redhat_1.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-16.GA.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.9.1-18.GA.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.12.0-9.jbcs.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2h-12.jbcs.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "httpd 2.4.23" } ] } 
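Review bot: The added pair `"version_affected": "=", "version_value": "httpd 2.4.23"` marks 2.4.23 itself as the affected version. The description rewritten earlier in this file says mod_cluster is vulnerable before httpd 2.4.23, so anything matching on this field would flag the fixed release and miss the older ones. If the description is the intended source of truth, `"version_affected": "<"` with `"version_value": "2.4.23"` would express it. The CVE-2016-8610 hunk above has the same problem of `=` paired with range text (`"All 0.9.8"`, `"1.0.2 through 1.0.2h"`), as does CVE-2016-8631 below (`"3"`); none of these can match a concrete version string.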
@@ -134,11 +59,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2957", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2957" - }, { "url": "https://access.redhat.com/errata/RHSA-2017:0193", "refsource": "MISC", 
@@ -155,58 +75,14 @@ "name": "http://www.securityfocus.com/bid/94939" }, { - "url": "https://access.redhat.com/security/cve/CVE-2016-8612", + "url": "https://security.netapp.com/advisory/ntap-20180601-0005/", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8612" + "name": "https://security.netapp.com/advisory/ntap-20180601-0005/" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605" - }, - { - "url": "https://security.netapp.com/advisory/ntap-20180601-0005/", - "refsource": "MISC", - "name": "https://security.netapp.com/advisory/ntap-20180601-0005/" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.9, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8630.json b/2016/8xxx/CVE-2016-8630.json index 4d25bda2218..fb2986cb3a4 100644 --- a/2016/8xxx/CVE-2016-8630.json +++ b/2016/8xxx/CVE-2016-8630.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS." + "value": "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "NULL Pointer Dereference", - "cweId": "CWE-476" + "value": "n/a" } ] } @@ -32,20 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.10.0-514.10.2.rt56.435.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-514.10.2.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
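Review bot: The problemtype hunk for CVE-2016-8630 drops `"cweId": "CWE-476"` and sets the description to `"value": "n/a"`, and the following hunk for this file removes the whole `impact` block. The record is left with no weakness class and no CVSS score, and vendor and product also become `n/a`. The same loss is visible for CVE-2016-8638 (CWE-287 and both CVSS entries removed) and for the `cweId` of CVE-2016-8646 further down. Tooling that filters on `cweId` or `baseScore` will see these entries as unclassified and unscored, so it is worth confirming that the sync is meant to discard this data. Otherwise keep `"value": "CWE-476", "cweId": "CWE-476"`, the form used elsewhere in this commit.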
@@ -89,68 +84,14 @@ "name": "http://www.securityfocus.com/bid/94459" }, { - "url": "https://access.redhat.com/errata/RHSA-2017:0386", + "url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e", "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0386" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2017:0387", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2017:0387" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8630", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8630" + "name": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350" - }, - { - "url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e", - "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 5.2, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.2, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - 
"integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", - "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8631.json b/2016/8xxx/CVE-2016-8631.json index 39645644e4e..a3354f28a87 100644 --- a/2016/8xxx/CVE-2016-8631.json +++ b/2016/8xxx/CVE-2016-8631.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation", + "value": "CWE-20", "cweId": "CWE-20" } ] @@ -36,12 +36,12 @@ "product": { "product_data": [ { - "product_name": "Red Hat OpenShift Container Platform 3.3", + "product_name": "Openshift Enterprise", "version": { "version_data": [ { - "version_value": "0:3.3.1.4-1.git.0.7c8657c.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "3" } ] } @@ -64,16 +64,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2016:2696" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8631", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8631" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390735", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390735" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631", "refsource": "MISC", 
@@ -81,35 +71,8 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Jordan Liggitt (Red Hat)." - } - ], "impact": { "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", - "version": "2.0" - }, { "attackComplexity": "LOW", "attackVector": "NETWORK", diff --git a/2016/8xxx/CVE-2016-8632.json b/2016/8xxx/CVE-2016-8632.json index 5844ba42793..42e58be4512 100644 --- a/2016/8xxx/CVE-2016-8632.json +++ b/2016/8xxx/CVE-2016-8632.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8632", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20161108 CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/11/08/5" + "url": "http://www.openwall.com/lists/oss-security/2016/11/08/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/11/08/5" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832" + "url": "http://www.securityfocus.com/bid/94211", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94211" }, { - "name": "94211", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94211" + "url": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg133205.html", + "refsource": "MISC", + "name": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg133205.html" }, { - "name": "[netdev] 20161018 [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()", - "refsource": "MLIST", - "url": "https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1390832" } ] } diff --git a/2016/8xxx/CVE-2016-8636.json b/2016/8xxx/CVE-2016-8636.json index 10c1d8f548b..eb3b5ea724b 100644 --- a/2016/8xxx/CVE-2016-8636.json +++ b/2016/8xxx/CVE-2016-8636.json 
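Review bot: The mail-archive reference in this hunk is rewritten from `netdev@vger.kernel.org` to `netdev%40vger.kernel.org`, so the sync appears to be percent-encoding reserved characters in stored URLs. That is probably harmless in a path, but the CVE-2016-8610 hunk above applies the same rewrite to a query string (`?p=openssl.git%3Ba=commit%3Bh=...`). There `;` is the parameter separator, and encoding it likely stops the link from resolving to the fix commit. Reference URLs should be stored byte-for-byte as published, e.g. `"url": "https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html"`, with `;` left literal in the gitweb link.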
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8636", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "96189", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/96189" - }, - { - "name": "[oss-security] 20170211 CVE publication request - CVE 2016-8636", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9" - }, - { - "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10" - }, - { - "name": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66", "refsource": "MISC", - "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/" + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66" + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981" + "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9", + "refsource": "MISC", + "name": 
"http://www.openwall.com/lists/oss-security/2017/02/11/9" }, { - "name": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66" + "url": "http://www.securityfocus.com/bid/96189", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/96189" + }, + { + "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/", + "refsource": "MISC", + "name": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/" + }, + { + "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981" } ] } diff --git a/2016/8xxx/CVE-2016-8638.json b/2016/8xxx/CVE-2016-8638.json index 899e4ddf005..75ab7d051e3 100644 --- a/2016/8xxx/CVE-2016-8638.json +++ b/2016/8xxx/CVE-2016-8638.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions." + "value": "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"" } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Authentication", - "cweId": "CWE-287" + "value": "n/a" } ] } 
@@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:1.0.0-13.el7_3", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -64,21 +63,6 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/94439" }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:2809", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:2809" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8638", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8638" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638", "refsource": "MISC", 
@@ -100,50 +84,5 @@ "name": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c" } ] - }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Howard Johnson and Patrick Uiterwijk (Red Hat)." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.4, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8641.json b/2016/8xxx/CVE-2016-8641.json index 82c7c273e89..a756df5c3cd 100644 --- a/2016/8xxx/CVE-2016-8641.json +++ b/2016/8xxx/CVE-2016-8641.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8641", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "nagios", - "version": { - "version_data": [ - { - "version_value": "4.2.x" - } - ] - } - } - ] - }, - "vendor_name": "Nagios Enterprises" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,60 +15,87 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "6.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ], - [ - { - "vectorString": "4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-59" + "value": "CWE-59", + "cweId": "CWE-59" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nagios Enterprises", + "product": { + "product_data": [ + { + "product_name": "nagios", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.2.x" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "40774", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/40774/" + "url": "http://www.securityfocus.com/bid/95121", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/95121" }, { - "name": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch", - "refsource": "CONFIRM", - "url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" + "url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch", + "refsource": "MISC", + "name": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" }, { - "name": "95121", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95121" + "url": "https://security.gentoo.org/glsa/201702-26", + "refsource": "MISC", + "name": 
"https://security.gentoo.org/glsa/201702-26" }, { - "name": "GLSA-201702-26", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201702-26" + "url": "https://www.exploit-db.com/exploits/40774/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/40774/" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8642.json b/2016/8xxx/CVE-2016-8642.json index c77266564b0..1b124644695 100644 --- a/2016/8xxx/CVE-2016-8642.json +++ b/2016/8xxx/CVE-2016-8642.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8642", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Moodle 2.x and 3.x", - "version": { - "version_data": [ - { - "version_value": "Moodle 2.x and 3.x" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Moodle 2.x and 3.x", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Moodle 2.x and 3.x" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://moodle.org/mod/forum/discuss.php?d=343275", - "refsource": "CONFIRM", - "url": "https://moodle.org/mod/forum/discuss.php?d=343275" + "url": "http://www.securityfocus.com/bid/94441", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94441" }, { - "name": "94441", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94441" + "url": "https://moodle.org/mod/forum/discuss.php?d=343275", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=343275" } ] } diff --git a/2016/8xxx/CVE-2016-8646.json b/2016/8xxx/CVE-2016-8646.json index f334bf636bd..793667f057b 100644 --- a/2016/8xxx/CVE-2016-8646.json +++ b/2016/8xxx/CVE-2016-8646.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set." + "value": "The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "NULL Pointer Dereference", - "cweId": "CWE-476" + "value": "n/a" } ] } 
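Review bot: In the re-added `affects` block of CVE-2016-8642.json, `"version_affected": "="` is paired with the free-text `"version_value": "Moodle 2.x and 3.x"`, so the record now claims an exact match on a string that describes a range. A matcher that honours `version_affected` would compare installed versions against that literal and never match, which reads as "not affected". The same pairing is added in this commit for CVE-2016-8641 (`4.2.x`), CVE-2016-8648 (`As shipped with Jboss Fuse 6.x`) and CVE-2016-8649 (`LXC before 1.0.9 and 2.x before 2.0.6`). Where the value is not a single version I would keep the entry as it was on the old side, `{ "version_value": "Moodle 2.x and 3.x" }`, with no comparator.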
@@ -32,31 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.10.0-514.21.1.rt56.438.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-514.21.1.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-514.rt56.221.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
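Review bot: This hunk replaces the Red Hat product entries in CVE-2016-8646.json with `n/a` placeholders, which removes the per-product package versions that were listed with `"version_affected": "!"` (for example `0:3.10.0-514.21.1.el7`). The neighbouring hunks for the same file also drop `"cweId": "CWE-476"`, the `credits` entry and both CVSS entries, so the record keeps nothing a consumer could use for triage or for comparing a host against the listed builds. The hunks for CVE-2016-8650, CVE-2016-8669, CVE-2016-8909 and CVE-2016-8910 follow the same pattern. If the aim is only to restore the neutral description text, I would still carry over the `cweId` and the 3.0 `impact.cvss` entry, or state in the commit message that the removal is intended.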
@@ -105,64 +89,14 @@ "name": "https://access.redhat.com/errata/RHSA-2017:1308" }, { - "url": "https://access.redhat.com/security/cve/CVE-2016-8646", + "url": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8646" + "name": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388821" - }, - { - "url": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45", - "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "LOCAL", - "authentication": "NONE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.7, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - 
"version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8648.json b/2016/8xxx/CVE-2016-8648.json index 3800a4eea3c..77966b573eb 100644 --- a/2016/8xxx/CVE-2016-8648.json +++ b/2016/8xxx/CVE-2016-8648.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8648", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Karaf", - "version": { - "version_data": [ - { - "version_value": "As shipped with Jboss Fuse 6.x" - } - ] - } - } - ] - }, - "vendor_name": "Apache Software Foundation" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,45 +15,72 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "7.2/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ], - [ - { - "vectorString": "6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-502" + "value": "CWE-502", + "cweId": "CWE-502" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Karaf", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "As shipped with Jboss Fuse 6.x" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "94513", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94513" + "url": "http://www.securityfocus.com/bid/94513", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94513" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8649.json b/2016/8xxx/CVE-2016-8649.json index 670bc0f734c..a8b8af5430b 100644 --- a/2016/8xxx/CVE-2016-8649.json +++ b/2016/8xxx/CVE-2016-8649.json 
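Review bot: Every entry in the rewritten `reference_data` of CVE-2016-8648.json now carries `"refsource": "MISC"` and a `name` that repeats the URL, so the `BID` and `CONFIRM` tags from the old side are lost. The CVE-2016-8641.json hunk does the same to its exploit-db.com reference, which was tagged `EXPLOIT-DB`; tooling that reads `refsource` to raise priority when a public-exploit or vendor-confirmation reference exists will no longer see one. I would keep the original tag and short name where they exist, e.g. `"refsource": "BID", "name": "94513"`. The hunk also drops the CVSS 2.0 vector `AV:N/AC:L/Au:S/C:P/I:P/A:P` without a replacement, which affects consumers that still score on v2.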
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8649", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "LXC before 1.0.9 and 2.x before 2.0.6", - "version": { - "version_data": [ - { - "version_value": "LXC before 1.0.9 and 2.x before 2.0.6" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LXC before 1.0.9 and 2.x before 2.0.6", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LXC before 1.0.9 and 2.x before 2.0.6" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242" + "url": "http://www.securityfocus.com/bid/94498", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94498" }, { - "name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345" + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465" }, { - "name": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", - "refsource": "CONFIRM", - "url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c" + "url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345" }, { - "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", - "refsource": "CONFIRM", - "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465" + "url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", + "refsource": "MISC", + "name": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-8649", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-8649" + "url": "https://security-tracker.debian.org/tracker/CVE-2016-8649", + 
"refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2016-8649" }, { - "name": "94498", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94498" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242" } ] } diff --git a/2016/8xxx/CVE-2016-8650.json b/2016/8xxx/CVE-2016-8650.json index a1753b4439b..6b4442308c7 100644 --- a/2016/8xxx/CVE-2016-8650.json +++ b/2016/8xxx/CVE-2016-8650.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key." + "value": "The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "NULL Pointer Dereference", - "cweId": "CWE-476" + "value": "n/a" } ] } 
@@ -32,42 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:2.6.32-754.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:3.10.0-514.16.1.rt56.437.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-514.16.1.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-514.rt56.219.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -131,58 +104,14 @@ "name": "http://www.securityfocus.com/bid/94532" }, { - "url": "https://access.redhat.com/security/cve/CVE-2016-8650", + "url": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8650" + "name": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1395187" - }, - { - "url": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073", - "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "LOCAL", - "authentication": "NONE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.9, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8651.json b/2016/8xxx/CVE-2016-8651.json index 32a2b5119bf..2928a3a1bf6 100644 --- a/2016/8xxx/CVE-2016-8651.json 
+++ b/2016/8xxx/CVE-2016-8651.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image." + "value": "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation", + "value": "CWE-20", "cweId": "CWE-20" } ] @@ -36,34 +36,12 @@ "product": { "product_data": [ { - "product_name": "Red Hat OpenShift Container Platform 3.2", + "product_name": "OpenShift Enterprise", "version": { "version_data": [ { - "version_value": "0:3.2.1.21-1.git.0.4250771.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 3.3", - "version": { - "version_data": [ - { - "version_value": "0:3.3.1.7-1.git.0.0988966.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Enterprise 3.1", - "version": { - "version_data": [ - { - "version_value": "0:3.1.1.10-1.git.0.efeef8d.el7aos", - "version_affected": "!" + "version_affected": "=", + "version_value": "3" } ] } 
@@ -86,16 +64,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2016:2915" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8651", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8651" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397987", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1397987" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651", "refsource": "MISC", @@ -105,27 +73,6 @@ }, "impact": { "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "NONE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N", - "version": "2.0" - }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", diff --git a/2016/8xxx/CVE-2016-8668.json b/2016/8xxx/CVE-2016-8668.json index 3d6edb24634..f77dc3aba10 100644 --- a/2016/8xxx/CVE-2016-8668.json +++ b/2016/8xxx/CVE-2016-8668.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8668", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20161015 Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/15/9" + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { - "name": "GLSA-201611-11", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201611-11" + "url": "https://security.gentoo.org/glsa/201611-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201611-11" }, { - "name": "[oss-security] 20161014 CVE request Qemu: net: OOB buffer access in rocker switch emulation", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/10/14/8" + "url": "http://www.openwall.com/lists/oss-security/2016/10/14/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/14/8" }, { - "name": "[qemu-devel] 20161012 [PATCH] net: rocker: set limit to DMA buffer size", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html" + "url": "http://www.openwall.com/lists/oss-security/2016/10/15/9", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/10/15/9" }, { - "name": "openSUSE-SU-2016:3237", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + "url": "http://www.securityfocus.com/bid/93566", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93566" }, { - "name": "93566", - "refsource": "BID", - "url": 
"http://www.securityfocus.com/bid/93566" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html" } ] } diff --git a/2016/8xxx/CVE-2016-8669.json b/2016/8xxx/CVE-2016-8669.json index db058c43562..50f82c3566d 100644 --- a/2016/8xxx/CVE-2016-8669.json +++ b/2016/8xxx/CVE-2016-8669.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters" + "value": "The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Divide By Zero", - "cweId": "CWE-369" + "value": "n/a" } ] } 
@@ -32,82 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-14.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -164,61 +97,6 @@ "url": "http://www.securityfocus.com/bid/93563", "refsource": "MISC", "name": "http://www.securityfocus.com/bid/93563" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8669", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8669" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384909", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384909" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank PSIRT (Huawei Inc.) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", - "version": "2.0" - }, - { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", - "version": "3.0" } ] } diff --git a/2016/8xxx/CVE-2016-8909.json b/2016/8xxx/CVE-2016-8909.json index 124d9b358a2..d0849845c6d 100644 --- a/2016/8xxx/CVE-2016-8909.json +++ b/2016/8xxx/CVE-2016-8909.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-8909 Qemu: audio: intel-hda: infinite loop in processing dma buffer stream" + "value": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Loop with Unreachable Exit Condition ('Infinite Loop')", - "cweId": "CWE-835" + "value": "n/a" } ] } 
@@ -32,82 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-14.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -160,66 +93,11 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/93842" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8909", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8909" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388052" - }, { "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html", "refsource": "MISC", "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html" } ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank PSIRT (Huawei Inc.) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", - "version": "2.0" - }, - { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8910.json b/2016/8xxx/CVE-2016-8910.json index c40b9a4b0cc..7de522b5aec 100644 --- a/2016/8xxx/CVE-2016-8910.json 
+++ b/2016/8xxx/CVE-2016-8910.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode" + "value": "The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Loop with Unreachable Exit Condition ('Infinite Loop')", - "cweId": "CWE-835" + "value": "n/a" } ] } 
@@ -32,82 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-14.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -160,66 +93,11 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/93844" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-8910", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-8910" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388046", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388046" - }, { "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html", "refsource": "MISC", "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html" } ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Andrew Henderson (Intelligent Automation Inc.) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", - "version": "2.0" - }, - { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", - "version": "3.0" - } - ] } } \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9580.json b/2016/9xxx/CVE-2016-9580.json index e23e5d96f16..cd3cd5347fd 100644 
--- a/2016/9xxx/CVE-2016-9580.json +++ b/2016/9xxx/CVE-2016-9580.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9580", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openjpeg2", - "version": { - "version_data": [ - { - "version_value": "2.1.2" - } - ] - } - } - ] - }, - "vendor_name": "The OpenJPEG Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -38,29 +15,14 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version": "3.0" - } - ], - [ - { - "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-190" + "value": "CWE-190", + "cweId": "CWE-190" } ] }, 
@@ -68,38 +30,81 @@ "description": [ { "lang": "eng", - "value": "CWE-122" + "value": "CWE-122", + "cweId": "CWE-122" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The OpenJPEG Project", + "product": { + "product_data": [ + { + "product_name": "openjpeg2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.1.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://github.com/uclouvain/openjpeg/issues/871", - "refsource": "CONFIRM", - "url": "https://github.com/uclouvain/openjpeg/issues/871" + "url": "https://security.gentoo.org/glsa/201710-26", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201710-26" }, { - "name": "GLSA-201710-26", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201710-26" + "url": "http://www.securityfocus.com/bid/94822", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94822" }, { - "name": "94822", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94822" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580" + "url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255", + "refsource": "MISC", + "name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255" }, { - "name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255", - "refsource": "CONFIRM", - "url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255" + "url": "https://github.com/uclouvain/openjpeg/issues/871", + "refsource": "MISC", + "name": "https://github.com/uclouvain/openjpeg/issues/871" 
+ } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" } ] } diff --git a/2016/9xxx/CVE-2016-9581.json b/2016/9xxx/CVE-2016-9581.json index a41425ccf91..2c8e3a2492c 100644 --- a/2016/9xxx/CVE-2016-9581.json +++ b/2016/9xxx/CVE-2016-9581.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9581", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openjpeg2", - "version": { - "version_data": [ - { - "version_value": "2.1.2" - } - ] - } - } - ] - }, - "vendor_name": "The OpenJPEG Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -38,29 +15,14 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version": "3.0" - } - ], - [ - { - "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P", - "version": "2.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-835" + "value": "CWE-835", + "cweId": "CWE-835" } ] }, 
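Review bot: Every reference in the CVE-2016-9580 `@@ -68,38 +30,81 @@` hunk is rewritten to `"refsource": "MISC"` with `name` set to the URL, so the upstream issue and fix commit that were `CONFIRM`, and the advisories that were `GENTOO` and `BID`, can no longer be told apart by source. Triage tooling that ranks vendor-confirmed references above third-party ones loses that signal; the same flattening appears in the CVE-2016-9581, CVE-2017-12169, CVE-2017-12170 and CVE-2017-12174 sections. If the target format still allows it, keep the original tag on confirmed entries, e.g. `"refsource": "CONFIRM"` for `https://github.com/uclouvain/openjpeg/issues/871`. The new `impact.cvss` array also has no counterpart for the removed CVSS v2 vector, which is worth confirming as intentional.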
@@ -68,38 +30,81 @@ "description": [ { "lang": "eng", - "value": "CWE-122" + "value": "CWE-122", + "cweId": "CWE-122" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The OpenJPEG Project", + "product": { + "product_data": [ + { + "product_name": "openjpeg2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.1.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://github.com/uclouvain/openjpeg/issues/872", - "refsource": "CONFIRM", - "url": "https://github.com/uclouvain/openjpeg/issues/872" + "url": "https://security.gentoo.org/glsa/201710-26", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201710-26" }, { - "name": "GLSA-201710-26", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201710-26" + "url": "http://www.securityfocus.com/bid/94822", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94822" }, { - "name": "94822", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94822" + "url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255", + "refsource": "MISC", + "name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581" }, { - "name": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255", - "refsource": "CONFIRM", - "url": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255" + "url": "https://github.com/uclouvain/openjpeg/issues/872", + "refsource": "MISC", + "name": "https://github.com/uclouvain/openjpeg/issues/872" 
+ } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" } ] } diff --git a/2017/12xxx/CVE-2017-12168.json b/2017/12xxx/CVE-2017-12168.json index a080b0dede2..a9ee7d5bbd2 100644 --- a/2017/12xxx/CVE-2017-12168.json +++ b/2017/12xxx/CVE-2017-12168.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An assertion failure issue was found in the Linux kernel's KVM hypervisor module built to support visualization on ARM64 architecture platforms. The failure could occur while accessing Performance Monitors Cycle Count Register (PMCCNTR) from a guest. A privileged guest user could use this flaw to crash the host kernel resulting in denial of service." + "value": "The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Reachable Assertion", + "value": "assert failure CWE-617", "cweId": "CWE-617" } ] @@ -32,16 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "Linux kernel before 4.9", "version": { "version_data": [ { - "version_value": "0:4.11.0-44.el7a", - "version_affected": "!" + "version_affected": "=", + "version_value": "Linux kernel before 4.9" } ] } 
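Review bot: The affected range for CVE-2017-12168 disagrees within the new record: the description added in the first hunk of this file says the kernel is affected "before 4.8.11", while `product_name` and `version_value` in the `@@ -32,16 +32,16 @@` hunk both say `Linux kernel before 4.9`. The range text is also stored under `"version_affected": "="` and repeated as the product name, so neither field can be compared against an installed kernel version. Assuming the description and the ChangeLog-4.8.11 reference kept in the next hunk are the authoritative ones, `"product_name": "Linux kernel"` with `"version_affected": "<", "version_value": "4.8.11"` would make the record consistent. The following hunk also removes the whole `impact` block, leaving this record without any CVSS data.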
@@ -65,63 +65,14 @@ "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11" }, { - "url": "https://access.redhat.com/errata/RHEA-2017:3163", + "url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9", "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHEA-2017:3163" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-12168", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-12168" + "name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984" - }, - { - "url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9", - "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 5.2, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", - "version": "2.0" - }, - { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.2, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": 
"CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", - "version": "3.0" } ] } diff --git a/2017/12xxx/CVE-2017-12169.json b/2017/12xxx/CVE-2017-12169.json index 2ea063bd037..6df660f3a45 100644 --- a/2017/12xxx/CVE-2017-12169.json +++ b/2017/12xxx/CVE-2017-12169.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2017-09-01T00:00:00", "ID": "CVE-2017-12169", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ipa", - "version": { - "version_data": [ - { - "version_value": "4.2.0 and later" - } - ] - } - } - ] - }, - "vendor_name": "FreeIPA" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-200" + "value": "CWE-200", + "cweId": "CWE-200" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeIPA", + "product": { + "product_data": [ + { + "product_name": "ipa", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.2.0 and later" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697" + "url": "http://www.securityfocus.com/bid/102136", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/102136" }, { - "name": "102136", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102136" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1487697" } ] } 
diff --git a/2017/12xxx/CVE-2017-12170.json b/2017/12xxx/CVE-2017-12170.json index 7042345c185..2c0d8dfec9f 100644 --- a/2017/12xxx/CVE-2017-12170.json +++ b/2017/12xxx/CVE-2017-12170.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2017-08-14T00:00:00", "ID": "CVE-2017-12170", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "pure-ftpd", - "version": { - "version_data": [ - { - "version_value": "Fedora downstream version pure-ftpd-1.0.46-1" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -51,12 +27,36 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "pure-ftpd", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Fedora downstream version pure-ftpd-1.0.46-1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114" } ] } diff --git a/2017/12xxx/CVE-2017-12171.json b/2017/12xxx/CVE-2017-12171.json index bd5682e04d4..65a28ee5826 100644 --- a/2017/12xxx/CVE-2017-12171.json +++ b/2017/12xxx/CVE-2017-12171.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource." + "value": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Access Control", + "value": "CWE-284", "cweId": "CWE-284" } ] @@ -36,12 +36,12 @@ "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "httpd", "version": { "version_data": [ { - "version_value": "0:2.2.15-60.el6_9.6", - "version_affected": "!" + "version_affected": "=", + "version_value": "2.2.15-60" } ] } @@ -69,16 +69,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2017:2972" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-12171", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-12171" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171", "refsource": "MISC", @@ -86,12 +76,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank KAWAHARA Masashi for reporting this issue." - } - ], "impact": { "cvss": [ { diff --git a/2017/12xxx/CVE-2017-12174.json b/2017/12xxx/CVE-2017-12174.json index 972ef8e84bf..8d07b7e538e 100644 --- a/2017/12xxx/CVE-2017-12174.json +++ b/2017/12xxx/CVE-2017-12174.json 
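Review bot: The version entry for CVE-2017-12171 in the `@@ -36,12 +36,12 @@` hunk changes meaning as well as format: the removed side marks `0:2.2.15-60.el6_9.6` with `"!"`, which in this format presumably denotes an unaffected build, while the new side marks `2.2.15-60` with `"="`, and the fixed build is no longer recorded in any field. Because `2.2.15-60` is a prefix of the `el6_9.6` package string, a scanner that compares by prefix could report the patched package as affected; that depends on the consumer, so it is a risk to check rather than a certainty. Adding a second entry such as `{ "version_affected": "!", "version_value": "2.2.15-60.el6_9.6" }` next to the new one would keep the fixed build machine-readable.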
@@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-12174", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "HornetQ/Artemis", - "version": { - "version_data": [ - { - "version_value": "before 2.4.0" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -45,73 +21,98 @@ "description": [ { "lang": "eng", - "value": "CWE-400" + "value": "CWE-400", + "cweId": "CWE-400" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "HornetQ/Artemis", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before 2.4.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2018:0479", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0479" + "url": "https://access.redhat.com/errata/RHSA-2018:0478", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0478" }, { - "name": "RHSA-2018:0481", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0481" + "url": "https://access.redhat.com/errata/RHSA-2018:0479", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0479" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174" + "url": "https://access.redhat.com/errata/RHSA-2018:0480", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0480" }, { - "name": "RHSA-2018:0269", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0269" + "url": "https://access.redhat.com/errata/RHSA-2018:0481", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0481" }, { - "name": "RHSA-2018:0270", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0270" + "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E" }, { - 
"name": "RHSA-2018:0271", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0271" + "url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E" }, { - "name": "RHSA-2018:0268", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0268" + "url": "https://access.redhat.com/errata/RHSA-2018:0268", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0268" }, { - "name": "RHSA-2018:0480", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0480" + "url": "https://access.redhat.com/errata/RHSA-2018:0269", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0269" }, { - "name": "RHSA-2018:0275", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0275" + "url": "https://access.redhat.com/errata/RHSA-2018:0270", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0270" }, { - "name": "RHSA-2018:0478", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0478" + "url": "https://access.redhat.com/errata/RHSA-2018:0271", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0271" }, { - "refsource": "MLIST", - "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118", - "url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E" + "url": "https://access.redhat.com/errata/RHSA-2018:0275", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0275" }, { - "refsource": "MLIST", - "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish 
CVE-2021-26117", - "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174" } ] } diff --git a/2017/12xxx/CVE-2017-12175.json b/2017/12xxx/CVE-2017-12175.json index d35c2dfc43b..2875a11782a 100644 --- a/2017/12xxx/CVE-2017-12175.json +++ b/2017/12xxx/CVE-2017-12175.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2017-12175 Satellite 6: XSS in discovery rule filter autocomplete functionality" + "value": "Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "value": "CWE-79", "cweId": "CWE-79" } ] 
@@ -36,1132 +36,12 @@ "product": { "product_data": [ { - "product_name": "Red Hat Satellite 6.4 for RHEL 7", + "product_name": "Satellite", "version": { "version_data": [ { - "version_value": "0:1.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.8-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.7.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.18.0.37-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:201801241201-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.18.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.18.0.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.12.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:332.14-12.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.6.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0.10-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0-2.585svn.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-3.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.1.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "1:20.4-1.6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.12-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.6.11-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2017.1-2.atomic.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.16.4.1-1.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:3.1.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.16.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.16.4.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.5.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.16-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.1-1.20140510git08b00d9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.3.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:3.5.0.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.2-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.11.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:0.10.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.3-12.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.3.7-1.el7ui", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-5.pulp.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.23-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-11.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:4.0.2-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.10.5-2.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:1.5.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.211-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.32-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.35.0-5.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.2.0-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:12.2.0-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:12.1.0-5.el7_2", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.5-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.36.0-19.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.8.0-19.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.16.0-12.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.9-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.6-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.0.3-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.5-5.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:1.7.8-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-22.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.19-7.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.12.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.7-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.7-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.18-24.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.17-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.6.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.3-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.2.2-41.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.7-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.6.7-7.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.10.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.4.7-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.2-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.4-1.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:1.0.9-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.22-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.4.0-15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.4.0.7-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.6-17.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.1.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:8.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.12.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.5-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.0-1.el7sat", - "version_affected": "!" 
- },
- {
- "version_value": "0:3.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2016.0521-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.8.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.3-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.7.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.13-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.20.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.6-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.8-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.5.4-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.4-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.5-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.0-6.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.6-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.3-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.2-19.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.0.2-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.5-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.7-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.7.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.3-9.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.8.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.1.11-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "1:0.2.4-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.7-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.3-6.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2.2-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.0-10.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.0.1-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.28.0-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.20160310-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.5.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.58.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.16-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.0-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.1-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.0-11.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.42.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.45.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.0-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-9.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.25-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.4-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.3-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.2-6.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2.9-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:12.0.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:12.0.2.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.1.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.14.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.10.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.13-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.6-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.13.4.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:6.0.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.1.11-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.1-10.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.1.0-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.5-8.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.8.2-10.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.0-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.13.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.3.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.13.2.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.8-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.3.3-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.6-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.12-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.3-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.13.4.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.8.0-10.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.3-11.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.10-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.0-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.7.0.41-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.3-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.7-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.9-12.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2.2-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.15.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.0.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.11.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.0.1-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.2.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.2-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.4-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.21.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.3.5-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.36.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.2.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.1-6.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.4-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.2.1-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.7-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.10.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.6-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.1.4-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.4.0-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.4.1-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.2.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.2.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.0-20.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.7.0-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.8.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.1.3-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.0.5-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.7.1-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.10.0-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.6.0-9.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.9.0-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.4-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.2-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.1.3-6.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.0.6-8.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.4.4.1-5.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.16.8-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.0-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.8-4.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.3.2-1.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.5-2.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.5.5-3.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "1:3.14.5.10-19.el7sat",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.5.1-7.el7sat",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "6.5"
 }
 ]
 }
@@ -1184,16 +64,6 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/101245"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12175",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12175"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498976",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1498976"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175",
 "refsource": "MISC",
diff --git a/2017/12xxx/CVE-2017-12188.json b/2017/12xxx/CVE-2017-12188.json
index 27c9a423e54..e6fd3f849bc 100644
--- a/2017/12xxx/CVE-2017-12188.json
+++ b/2017/12xxx/CVE-2017-12188.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system."
+ "value": "arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun.\""
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Stack-based Buffer Overflow",
+ "value": "CWE-121",
 "cweId": "CWE-121"
 }
 ]
@@ -32,20 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "Linux kernel",
 "version": {
 "version_data": [
 {
- "version_value": "0:3.10.0-693.21.1.rt56.639.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-693.21.1.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Linux kernel"
 }
 ]
 }
@@ -73,16 +69,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2018:0412"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12188",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12188"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380"
- },
 {
 "url": "https://patchwork.kernel.org/patch/9996579/",
 "refsource": "MISC",
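Review bot: In the `version_data` entry of the CVE-2017-12188 affects hunk, the new `version_value` is the product name (`"Linux kernel"`) paired with `"version_affected": "="`, so the record no longer carries any version that a scanner or triage script can match on. The description added earlier in this file says "through 4.13.5", so the entry would be more useful as `"version_value": "through 4.13.5"`, the same form the spice-gtk record later in this diff uses (`"through 0.34"`). The same pattern appears in the affects hunks for CVE-2017-12190 and CVE-2017-12193, where the product name is repeated as the version and the stated range differs from the new description, and in CVE-2017-12192, which is `"n/a"` throughout. The removed fixed-package version strings are not replaced by any fixed-version information in these hunks.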
@@ -92,45 +78,11 @@
 "url": "https://patchwork.kernel.org/patch/9996587/",
 "refsource": "MISC",
 "name": "https://patchwork.kernel.org/patch/9996587/"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "ADJACENT_NETWORK",
- "authentication": "SINGLE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.5,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "COMPLETE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "COMPLETE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
- "version": "2.0"
 },
 {
- "attackComplexity": "HIGH",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 7.6,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "HIGH",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12189.json b/2017/12xxx/CVE-2017-12189.json
index 9ff94925914..fc23ef20978 100644
--- a/2017/12xxx/CVE-2017-12189.json
+++ b/2017/12xxx/CVE-2017-12189.json
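Review bot: The tail hunk of CVE-2017-12188.json drops the whole `impact.cvss` array and puts nothing in its place, so the new record carries no severity data for an issue its own description rates as guest-to-host code execution. Anything that prioritises from this file will presumably treat the entry as unscored; unless the scores are deliberately being published elsewhere, the CVSS 3.0 entry should stay, at minimum `"baseScore": 7.6` and `"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"`. The same removal happens in the last hunks for CVE-2017-12190, CVE-2017-12191, CVE-2017-12192 and CVE-2017-12193, and the `credits` entries are removed with it in 12190, 12191 and 12193.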
@@ -1,36 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2017-10-09T00:00:00",
 "ID": "CVE-2017-12189",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Red Hat JBoss Enterprise Application Platform",
- "version": {
- "version_data": [
- {
- "version_value": "7.0.7.GA"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -45,43 +21,68 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-282"
+ "value": "CWE-282",
+ "cweId": "CWE-282"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat JBoss Enterprise Application Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7.0.7.GA"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"
+ "url": "http://www.securityfocus.com/bid/102407",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/102407"
 },
 {
- "name": "RHSA-2018:0002",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0002"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0002",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0002"
 },
 {
- "name": "RHSA-2018:0004",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0004"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0003",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0003"
 },
 {
- "name": "RHSA-2018:0003",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0003"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0004",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0004"
 },
 {
- "name": "RHSA-2018:0005",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:0005"
+ "url": "https://access.redhat.com/errata/RHSA-2018:0005",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2018:0005"
 },
 {
- "name": "102407",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/102407"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12190.json b/2017/12xxx/CVE-2017-12190.json
index 97f6257bb4a..21f018e0dde 100644
--- a/2017/12xxx/CVE-2017-12190.json
+++ b/2017/12xxx/CVE-2017-12190.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition."
+ "value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Uncontrolled Resource Consumption",
+ "value": "CWE-400",
 "cweId": "CWE-400"
 }
 ]
@@ -32,57 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "Linux kernel through v4.14-rc5",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.6.32-754.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-862.rt56.804.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.14.0-49.el7a",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-862.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-693.47.2.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise MRG 2",
- "version": {
- "version_data": [
- {
- "version_value": "1:3.10.0-693.47.2.rt56.641.el6rt",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Linux kernel through v4.14-rc5"
 }
 ]
 }
@@ -175,16 +134,6 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/101911"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12190",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12190"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
- },
 {
 "url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058",
 "refsource": "MISC",
@@ -199,30 +148,11 @@
 "url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&%3Butm_medium=RSS",
 "refsource": "MISC",
 "name": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&%3Butm_medium=RSS"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Vitaly Mayatskih for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
+ },
 {
- "attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 6.2,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "HIGH",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12191.json b/2017/12xxx/CVE-2017-12191.json
index 5792551decb..19a10b14964 100644
--- a/2017/12xxx/CVE-2017-12191.json
+++ b/2017/12xxx/CVE-2017-12191.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Access Control",
+ "value": "Improper Access Control (CWE-284)",
 "cweId": "CWE-284"
 }
 ]
@@ -32,40 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
 "product": {
 "product_data": [
 {
- "product_name": "CloudForms Management Engine 5.8",
+ "product_name": "CloudForms",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.4.3.0-1.el7ae",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.1.5-3.el7at",
- "version_affected": "!"
- },
- {
- "version_value": "0:5.8.3.4-1.el7cf",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.4.15-3PGDG.el7at",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.6.1-16.el7at",
- "version_affected": "!"
- },
- {
- "version_value": "0:0.9.0-4.el7ae",
- "version_affected": "!"
- },
- {
- "version_value": "0:2.1.1-2.el7ae",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Through 5.9"
 }
 ]
 }
@@ -83,40 +59,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2018:0374"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12191",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12191"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500517",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500517"
 }
 ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Gellert Kis (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 7.4,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2017/12xxx/CVE-2017-12192.json b/2017/12xxx/CVE-2017-12192.json
index 1200f942233..dbd2c64df55 100644
--- a/2017/12xxx/CVE-2017-12192.json
+++ b/2017/12xxx/CVE-2017-12192.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel."
+ "value": "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "NULL Pointer Dereference",
- "cweId": "CWE-476"
+ "value": "n/a"
 }
 ]
 }
@@ -32,46 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.6.32-754.30.2.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-693.17.1.rt56.636.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-693.17.1.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.14.0-49.el7a",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise MRG 2",
- "version": {
- "version_data": [
- {
- "version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
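Review bot: The problemtype hunk for CVE-2017-12192 replaces a classified weakness with `"value": "n/a"` and deletes `"cweId": "CWE-476"`, which leaves the record without a CWE that weakness-based filters and reports can key on. Neighbouring records in this commit keep the identifier in both fields (CVE-2017-12193 ends up with `"value": "CWE-476"` next to `"cweId": "CWE-476"`), so the same shape would fit here if CWE-476 is still considered accurate for the OOPS the new description mentions. CVE-2017-12191 goes a third way with `"Improper Access Control (CWE-284)"`; a single convention for `value` across the batch would keep the field machine-comparable.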
@@ -94,56 +63,21 @@
 "refsource": "MISC",
 "name": "https://usn.ubuntu.com/3583-2/"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2018:0654",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2018:0654"
- },
 {
 "url": "https://access.redhat.com/errata/RHSA-2018:0151",
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2018:0151"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2018:0152",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2018:0152"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2018:0181",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2018:0181"
- },
 {
 "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678",
 "refsource": "MISC",
 "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"
 },
- {
- "url": "http://seclists.org/oss-sec/2017/q4/63",
- "refsource": "MISC",
- "name": "http://seclists.org/oss-sec/2017/q4/63"
- },
 {
 "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5",
 "refsource": "MISC",
 "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2020:2430",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2020:2430"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12192",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12192"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
- },
 {
 "url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678",
 "refsource": "MISC",
@@ -153,24 +87,11 @@
 "url": "https://lkml.org/lkml/2017/9/18/764",
 "refsource": "MISC",
 "name": "https://lkml.org/lkml/2017/9/18/764"
- }
- ]
- },
- "impact": {
- "cvss": [
+ },
 {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 5.5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12193.json b/2017/12xxx/CVE-2017-12193.json
index 269fe4b3cfc..32194532a09 100644
--- a/2017/12xxx/CVE-2017-12193.json
+++ b/2017/12xxx/CVE-2017-12193.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. This affects the keyring key type and thus key addition and link creation operations may cause the kernel to panic."
+ "value": "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "NULL Pointer Dereference",
+ "value": "CWE-476",
 "cweId": "CWE-476"
 }
 ]
@@ -32,31 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "Linux kernel since 3.13 up to 4.14 (not including)",
 "version": {
 "version_data": [
 {
- "version_value": "0:3.10.0-693.17.1.rt56.636.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-693.17.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise MRG 2",
- "version": {
- "version_data": [
- {
- "version_value": "1:3.10.0-693.17.1.rt56.604.el6rt",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Linux kernel since 3.13 up to 4.14 (not including)"
 }
 ]
 }
@@ -74,16 +59,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2018:0151"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2018:0152",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2018:0152"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2018:0181",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2018:0181"
- },
 {
 "url": "https://usn.ubuntu.com/3698-1/",
 "refsource": "MISC",
@@ -110,43 +85,14 @@
 "name": "http://www.securityfocus.com/bid/101678"
 },
 {
- "url": "https://access.redhat.com/security/cve/CVE-2017-12193",
+ "url": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
 "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-12193"
+ "name": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501215"
- },
- {
- "url": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b",
- "refsource": "MISC",
- "name": "https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Heming Cui (University of Hong Kong), and Shixiong Zhao (University of Hong Kong) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "LOCAL",
- "availabilityImpact": "HIGH",
- "baseScore": 4.7,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12194.json b/2017/12xxx/CVE-2017-12194.json
index 2c31c31e6e1..8957ca5e9de 100644
--- a/2017/12xxx/CVE-2017-12194.json
+++ b/2017/12xxx/CVE-2017-12194.json
@@ -1,36 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2018-03-14T00:00:00",
 "ID": "CVE-2017-12194",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "spice-gtk",
- "version": {
- "version_data": [
- {
- "version_value": "through 0.34"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "freedesktop.org"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -45,33 +21,58 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-121"
+ "value": "CWE-121",
+ "cweId": "CWE-121"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "freedesktop.org",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "spice-gtk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "through 0.34"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "GLSA-201811-20",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201811-20"
+ "url": "http://www.securityfocus.com/bid/103413",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/103413"
 },
 {
- "name": "USN-3659-1",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3659-1/"
+ "url": "https://security.gentoo.org/glsa/201811-20",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201811-20"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200"
+ "url": "https://usn.ubuntu.com/3659-1/",
+ "refsource": "MISC",
+ "name": "https://usn.ubuntu.com/3659-1/"
 },
 {
- "name": "103413",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/103413"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501200"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12195.json b/2017/12xxx/CVE-2017-12195.json
index eacd815ede0..3eb44e00420 100644
--- a/2017/12xxx/CVE-2017-12195.json
+++ b/2017/12xxx/CVE-2017-12195.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices."
+ "value": "A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Authentication",
+ "value": "CWE-287",
 "cweId": "CWE-287"
 }
 ]
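Review bot: In the `-21,7` hunk the problem-type `value` becomes `"CWE-287"`, which only repeats the adjacent `"cweId": "CWE-287"` and drops the readable weakness name that analysts see when the record is rendered. Keeping both pieces in the text field, `"value": "CWE-287: Improper Authentication"`, preserves the machine identifier in `cweId` and the human-readable label in `value`. The same substitution is made for CWE-300 in CVE-2017-15085 and CVE-2017-15086 and for CWE-200 in CVE-2017-15087.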
@@ -36,1313 +36,12 @@ "product": { "product_data": [ { - "product_name": "Red Hat OpenShift Container Platform 3.4", + "product_name": "OpenShift", "version": { "version_data": [ { - "version_value": "0:3.4.1.44.38-1.git.0.d04b8d5.el7", - "version_affected": "!" - }, - { - "version_value": "0:155-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1.11__redhat_1-3.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 3.5", - "version": { - "version_data": [ - { - "version_value": "0:3.5.5.31.47-1.git.0.25d535c.el7", - "version_affected": "!" - }, - { - "version_value": "0:155-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.4.17__redhat_1-3.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 3.6", - "version": { - "version_data": [ - { - "version_value": "0:3.6.173.0.63-1.git.0.855ea8b.el7", - "version_affected": "!" - }, - { - "version_value": "0:155-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.4.17__redhat_1-3.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenShift Container Platform 3.7", - "version": { - "version_data": [ - { - "version_value": "0:2.3.2.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.3.1-6.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.19-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.4-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.5-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.7.9-1.git.0.7c71a2d.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.3.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0-0.el7", - "version_affected": "!" - }, - { - "version_value": "0:155-1.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:0.5.2-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.4-2.git4aceede.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-11.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.5.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.4-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.4.01_redhat_1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.12.39-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1-1.git885c9f40.el7", - "version_affected": "!" - }, - { - "version_value": "0:0-1.gitceca8c1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-2.git9f5f4b2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.15.1-1.gitba5da2c.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-1.git0a74f98.el7", - "version_affected": "!" - }, - { - "version_value": "0:0-1.git85ceabc.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.7.1-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.73.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.651.2-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.7.1510081324-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.7-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0-1.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:0.2.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.9-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:6.0.4-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1.13-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.11-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.6-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.13-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.4-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.3.0-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.5-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.27.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.85-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.5-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.7-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1.1-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.3-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.7.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.20-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.11-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.9.0-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.5-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.10-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.59-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.1.2.9-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.6-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-1.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:0.12-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.47-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.1.24-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.7-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1.4-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.6-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.2-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.4-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.8-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1.1-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.29-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.15-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.6-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.7.2-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.13-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.30-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.8-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.11-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.10-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.14-10.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:2.9-10.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.6.4-3.el7", - "version_affected": "!" - }, - { - "version_value": "1:1.7.5-3.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.10-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.23.13-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.7-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.7.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.7-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.3.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.4-5.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.11-4.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.4-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.4.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.4-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.10.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.14.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.8.0-1.el7aos", - "version_affected": "!" 
- }, - { - "version_value": "0:1.2.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.7.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.10.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.5-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.8.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.4.7-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.6-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.5-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.5.3-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.2.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.7.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.7.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.4.14-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:4.13.3-4.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:3.0.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.4.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.3.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.6.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-rc3.1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.3.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:5.0.15-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:4.1.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.4.5-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.13-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.7.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.8.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.2-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.1-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.8.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.7-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.1.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.14.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.3.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.11.2-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.4.13-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.4.0-1.el7aos", - "version_affected": "!" 
- }, - { - "version_value": "0:1.0.4-6.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.12.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:5.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.4.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.5.3-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.10.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:4.0.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.3.4-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.23.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1.11-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.0.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.6.1-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.7.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.6.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.4.7-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.0.4-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.9.13-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.8.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:4.0.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.3.2-5.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.3.0-1.el7aos", - "version_affected": "!" 
- }, - { - "version_value": "0:0.1.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.4.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:7-5.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.2.2-4.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-4.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-4.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.2.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.1-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:7.1.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.8-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.2.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.1.4-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.5.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.61.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.1-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.1.6-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.4.4-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.13.0-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.10.0-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.9-2.el7aos", - "version_affected": "!" 
- }, - { - "version_value": "0:0.1.33-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.10.31-2.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.4-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.0.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.1.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.3.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.6.9-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.0.3-3.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.2.2-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-4.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:4.0.0-4.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.24.0-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:3.7.9-1.git.4.d445616.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.4.17__redhat_1-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.1-1.git5bd9251.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.1-5.git78d6339.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.08-20.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.14-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.34.0-5.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2016.9.26-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.1-3.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:2.0.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.6.1-1.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:2.4.2-1.3.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.3.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.9.2-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.0.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-9.2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-0.3.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1.1-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.6.5-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.4.32-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.5.7-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.4.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.4.9-3.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.15.23-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.6.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.5.2.2-3.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.21.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "1:4.2.9-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.3.6-6.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:1.5.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.22.4-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.5.20170404-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.58.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.13.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.9.18-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.4.0-1.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:0.1.1-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.9.5.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.29.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.6.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.5.6-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.4.5-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.8-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.11-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.9.8-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.6.0-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.8.6-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.2016.0521-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.8.5-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.12.1-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-3.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.3-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.2.4-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.5-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.3.6-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2.3-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.2017.2-1.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:0.1.4-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.0.7.4-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.1.5-2.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.05-5.el7aos", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-14.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "all" } ] } @@ -1365,16 +64,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2017:3389" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2017-12195", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2017-12195" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501986", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501986" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12195", "refsource": "MISC", @@ -1382,12 +71,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Rich Megginson (Red Hat)." - } - ], "impact": { "cvss": [ { diff --git a/2017/12xxx/CVE-2017-12197.json b/2017/12xxx/CVE-2017-12197.json index 04a59743f5d..ab3d3a91537 100644 --- a/2017/12xxx/CVE-2017-12197.json +++ b/2017/12xxx/CVE-2017-12197.json 
@@ -1,36 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2018-01-16T00:00:00",
 "ID": "CVE-2017-12197",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "libpam4j",
- "version": {
- "version_data": [
- {
- "version_value": "up to and including 1.8"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -45,43 +21,68 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-863"
+ "value": "CWE-863",
+ "cweId": "CWE-863"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libpam4j",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "up to and including 1.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1165-1] libpam4j security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2904",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2904"
 },
 {
- "name": "RHSA-2017:2904",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2904"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2905",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2905"
 },
 {
- "name": "RHSA-2017:2905",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2905"
+ "url": "https://access.redhat.com/errata/RHSA-2017:2906",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2017:2906"
 },
 {
- "name": "RHSA-2017:2906",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2017:2906"
+ "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html"
 },
 {
- "name": "DSA-4025",
- "refsource": "DEBIAN",
- "url": "https://www.debian.org/security/2017/dsa-4025"
+ "url": "https://www.debian.org/security/2017/dsa-4025",
+ "refsource": "MISC",
+ "name": "https://www.debian.org/security/2017/dsa-4025"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
 }
 ]
 }
diff --git a/2017/15xxx/CVE-2017-15085.json b/2017/15xxx/CVE-2017-15085.json
index fbfe389cae5..74c3123703b 100644
--- a/2017/15xxx/CVE-2017-15085.json
+++ b/2017/15xxx/CVE-2017-15085.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Channel Accessible by Non-Endpoint",
+ "value": "CWE-300",
 "cweId": "CWE-300"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
+ "product_name": "Gluster Storage for RHEL 6",
 "version": {
 "version_data": [
 {
- "version_value": "0:4.6.3-8.el6rhs",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "3.3"
 }
 ]
 }
@@ -64,39 +64,11 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/101554"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15085",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15085"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505787",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505787"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 8.1,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15086.json b/2017/15xxx/CVE-2017-15086.json
index ff5a113fa25..8a3dc0fad9b 100644
--- a/2017/15xxx/CVE-2017-15086.json
+++ b/2017/15xxx/CVE-2017-15086.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Channel Accessible by Non-Endpoint",
+ "value": "CWE-300",
 "cweId": "CWE-300"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
+ "product_name": "Gluster Storage for RHEL 6",
 "version": {
 "version_data": [
 {
- "version_value": "0:4.6.3-8.el6rhs",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "3.3"
 }
 ]
 }
@@ -64,39 +64,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2017:3110"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15086",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15086"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505785",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505785"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 7.4,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15087.json b/2017/15xxx/CVE-2017-15087.json
index c006973b58d..385a8813abc 100644
--- a/2017/15xxx/CVE-2017-15087.json
+++ b/2017/15xxx/CVE-2017-15087.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Exposure of Sensitive Information to an Unauthorized Actor",
+ "value": "CWE-200",
 "cweId": "CWE-200"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
+ "product_name": "Gluster Storage for RHEL 6",
 "version": {
 "version_data": [
 {
- "version_value": "0:4.6.3-8.el6rhs",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "3.3"
 }
 ]
 }
@@ -64,39 +64,11 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/101556"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15087",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15087"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505788",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505788"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 4.1,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15091.json b/2017/15xxx/CVE-2017-15091.json
index 9ad363534c0..571d6c87999 100644
--- a/2017/15xxx/CVE-2017-15091.json
+++ b/2017/15xxx/CVE-2017-15091.json
@@ -1,39 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2017-11-27T00:00:00",
 "ID": "CVE-2017-15091",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "PowerDNS Authoritative",
- "version": {
- "version_data": [
- {
- "version_value": "4.x up to and including 4.0.4"
- },
- {
- "version_value": "3.x up to and including 3.4.11"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "PowerDNS"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -48,23 +21,52 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-863"
+ "value": "CWE-863",
+ "cweId": "CWE-863"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PowerDNS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PowerDNS Authoritative",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.x up to and including 4.0.4"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.x up to and including 3.4.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "101982",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/101982"
+ "url": "http://www.securityfocus.com/bid/101982",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/101982"
 },
 {
- "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html",
- "refsource": "CONFIRM",
- "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
+ "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html",
+ "refsource": "MISC",
+ "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
 }
 ]
 }
diff --git a/2017/15xxx/CVE-2017-15096.json b/2017/15xxx/CVE-2017-15096.json
index f5862e9d9fd..defe3f64e73 100644
--- a/2017/15xxx/CVE-2017-15096.json
+++ b/2017/15xxx/CVE-2017-15096.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2017-15096 glusterfs: Null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c"
+ "value": "A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service."
 }
 ]
 },
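Review bot: The added `version_data` entries in the `@@ -48,23 +21,52 @@` hunk of CVE-2017-15091.json pair `"version_affected": "="` with range prose (`"4.x up to and including 4.0.4"`, `"3.x up to and including 3.4.11"`), which an automated matcher would compare as a literal version string and is unlikely to ever match. Carrying the bound in the operator, for example `"version_affected": "<="` with `"version_value": "4.0.4"`, keeps the entry usable for machine matching. The same `=`-plus-prose pairing appears in the CVE-2017-15096 (`"Prior to 3.10"`), CVE-2017-15097 (`"all"`) and CVE-2017-15100 (`"1.2 and later, a fix is planned for 1.16.0"`) sections. This hunk also relabels the PowerDNS advisory from `CONFIRM` to `MISC`, so the vendor-confirmed reference is no longer distinguishable from the others.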
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "Null pointer dereference"
 }
 ]
 }
@@ -32,50 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Red Hat, Inc.",
 "product": {
 "product_data": [
 {
- "product_name": "Native Client for RHEL 7 for Red Hat Storage",
+ "product_name": "GlusterFS",
 "version": {
 "version_data": [
 {
- "version_value": "0:6.0-21.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:6.0-21.el7rhgs",
- "version_affected": "!"
- },
- {
- "version_value": "0:7.7-16.el7rhgs",
- "version_affected": "!"
- },
- {
- "version_value": "0:70.7.0-3.el7rhgs",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.5.0.0-1.el7rhgs",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:6.0-21.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "Prior to 3.10"
 }
 ]
 }
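Review bot: The `@@ -21,8 +21,7 @@` hunk of CVE-2017-15096.json removes `"cweId": "CWE-119"` and leaves only the free-text `"value": "Null pointer dereference"`, so this problemtype carries no CWE identifier on the new side. Tools that group or filter records by `cweId` will no longer classify this entry. Adding `"cweId": "CWE-476"` (NULL Pointer Dereference) next to the value would keep it classifiable and is more specific than the removed CWE-119.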
@@ -88,39 +53,11 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://access.redhat.com/errata/RHEA-2019:3249",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHEA-2019:3249"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15096",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15096"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 1.8,
- "baseSeverity": "LOW",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "HIGH",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15097.json b/2017/15xxx/CVE-2017-15097.json
index 2b9f1ad7c68..dae37ace08e 100644
--- a/2017/15xxx/CVE-2017-15097.json
+++ b/2017/15xxx/CVE-2017-15097.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Link Resolution Before File Access ('Link Following')",
+ "value": "CWE-59",
 "cweId": "CWE-59"
 }
 ]
@@ -36,129 +36,12 @@
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "postgresql init script",
 "version": {
 "version_data": [
 {
- "version_value": "0:9.2.23-3.el7_4",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
- "version": {
- "version_data": [
- {
- "version_value": "0:9.4.14-2.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.5.9-4.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.6.5-2.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
- "version": {
- "version_data": [
- {
- "version_value": "0:9.4.14-2.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.5.9-4.el6",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.6.5-2.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:9.4.14-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.5.9-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.6.5-2.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS",
- "version": {
- "version_data": [
- {
- "version_value": "0:9.4.14-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.5.9-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.6.5-2.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
- "version": {
- "version_data": [
- {
- "version_value": "0:9.4.14-2.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.5.9-4.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:9.6.5-2.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Virtualization Engine 4.2",
- "version": {
- "version_data": [
- {
- "version_value": "0:9.5.9-4.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Virtualization Engine 4.3",
- "version": {
- "version_data": [
- {
- "version_value": "0:9.5.9-4.el7",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "all"
 }
 ]
 }
@@ -196,16 +79,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2017:3405"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15097",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15097"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508985",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1508985"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097",
 "refsource": "MISC",
@@ -213,12 +86,6 @@
 }
 ]
 },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Pedro Barbosa (Red Hat) and the PostgreSQL project. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter."
- }
- ],
 "impact": {
 "cvss": [
 {
diff --git a/2017/15xxx/CVE-2017-15100.json b/2017/15xxx/CVE-2017-15100.json
index d03d5204dca..28b375dcc89 100644
--- a/2017/15xxx/CVE-2017-15100.json
+++ b/2017/15xxx/CVE-2017-15100.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2017-15100 foreman: Stored XSS in fact name or value"
+ "value": "An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the \"chart\" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "value": "CWE-79",
 "cweId": "CWE-79"
 }
 ]
@@ -32,1136 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "Foreman Project", "product": { "product_data": [ { - "product_name": "Red Hat Satellite 6.4 for RHEL 7", + "product_name": "Foreman", "version": { "version_data": [ { - "version_value": "0:1.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.8-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.7.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.18.0.37-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:201801241201-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.18.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.18.0.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.12.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:332.14-12.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.6.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0.10-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0-2.585svn.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-3.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.1.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "1:20.4-1.6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.12-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.6.11-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2017.1-2.atomic.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.4-1.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:2.16.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.16.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.16.4.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.5.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.16-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.1-1.20140510git08b00d9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.3.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:3.5.0.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.2-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.11.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:0.10.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.3-12.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.3.7-1.el7ui", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-5.pulp.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.23-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-11.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:4.0.2-8.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.10.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.211-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.32-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.35.0-5.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.2.0-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:12.2.0-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:12.1.0-5.el7_2", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.5-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.36.0-19.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.8.0-19.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.16.0-12.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.9-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.6-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.0.3-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-4.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:2.0.5-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.7.8-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-22.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.19-7.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.12.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.7-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.7-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.18-24.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.17-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.6.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.3-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.2.2-41.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.7-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.6.7-7.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.10.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.4.7-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.2-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.4-1.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:1.0.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.9-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.22-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.4.0-15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.4.0.7-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.6-17.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.1.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:8.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.12.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.5-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.0-2.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.9.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2016.0521-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.8.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.7.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.13-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.20.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.5.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.6-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.2-19.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2-2.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.5-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.7-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.3-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.8.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.1.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:0.2.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.7-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.3-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.28.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.20160310-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.58.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.16-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.0-11.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.42.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.45.0-2.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.3.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.25-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.2-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.9-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:12.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:12.0.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.1.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.14.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.10.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.13-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.6-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.4.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.0.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.1.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.1.0-4.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:1.2.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.5-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.8.2-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.8-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.12-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.4.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.8.0-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.3-11.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.10-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0.41-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.7-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.9-12.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-4.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.15.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.21.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.36.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.1-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.0.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.7-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.10.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.6-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-20.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.7.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.10.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.8.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.1.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.0.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.7.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.10.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.0-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.9.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.4.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.16.8-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.8-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.5-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:3.14.5.10-19.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-7.el7sat", - "version_affected": "!" + "version_affected": "=", + "version_value": "1.2 and later, a fix is planned for 1.16.0" } ] } 
@@ -1184,39 +64,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2018:2927"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2017-15100",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2017-15100"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508551",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1508551"
- },
 {
 "url": "https://github.com/theforeman/foreman/pull/4967",
 "refsource": "MISC",
 "name": "https://github.com/theforeman/foreman/pull/4967"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15103.json b/2017/15xxx/CVE-2017-15103.json
index c0ca9c211bc..b2f9447736e 100644
--- a/2017/15xxx/CVE-2017-15103.json
+++ b/2017/15xxx/CVE-2017-15103.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A security-check flaw was found in the way the Heketi server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
+ "value": "A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "value": "CWE-78",
 "cweId": "CWE-78"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Heketi",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
+ "product_name": "Heketi",
 "version": {
 "version_data": [
 {
- "version_value": "0:5.0.0-19.el7rhgs",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "5.0"
 }
 ]
 }
@@ -70,29 +70,5 @@
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147"
 }
 ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Red Hat would like to thank Markus Krell (NTT Security) for reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 8.8,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15104.json b/2017/15xxx/CVE-2017-15104.json
index 95779ca251e..5de02223009 100644
--- a/2017/15xxx/CVE-2017-15104.json
+++ b/2017/15xxx/CVE-2017-15104.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
+ "value": "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
 }
 ]
 },
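Review bot: In the `@@ -21,7 +21,7 @@` problemtype hunk of CVE-2017-15103.json, `value` now holds the bare identifier `"CWE-78"`, which only duplicates `cweId` and leaves the record without the weakness name that a reader or a report template would display. I would keep the text and the identifier in their own fields: `"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"` next to `"cweId": "CWE-78"`. The `@@ -21,7 +21,7 @@` hunk of CVE-2017-15104.json makes the same substitution with `"CWE-552"`. The enclosing `problemtype` object opens outside the hunk.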
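Review bot: The `@@ -32,16 +32,16 @@` hunk of CVE-2017-15103.json swaps an entry that marked the package build `"0:5.0.0-19.el7rhgs"` with `"!"` for an exact-match entry, `"version_affected": "=", "version_value": "5.0"`, so the record no longer states which build carries the fix. A matcher that compares `=` literally will probably not match an installed 5.0.0, and nothing on the new side bounds the affected range. If the fixed upstream version is known, a range entry says it directly, e.g. `"version_affected": "<", "version_value": "<fixed-version>"` (placeholder; this hunk does not name the version). The `@@ -32,16 +32,16 @@` hunk of CVE-2017-15104.json makes the identical change.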
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Files or Directories Accessible to External Parties",
+ "value": "CWE-552",
 "cweId": "CWE-552"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "Heketi",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
+ "product_name": "Heketi",
 "version": {
 "version_data": [
 {
- "version_value": "0:5.0.0-19.el7rhgs",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "5.0"
 }
 ]
 }
@@ -64,39 +64,15 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/security/cve/CVE-2017-15104"
 },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
- },
 {
 "url": "https://github.com/heketi/heketi/releases/tag/v5.0.1",
 "refsource": "MISC",
 "name": "https://github.com/heketi/heketi/releases/tag/v5.0.1"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Siddharth Sharma (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
+ },
 {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "NONE",
- "baseScore": 5.5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "version": "3.0"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
 }
 ]
 }
diff --git a/2017/15xxx/CVE-2017-15107.json b/2017/15xxx/CVE-2017-15107.json
index 683b684c05c..bc63ae0ed04 100644
--- a/2017/15xxx/CVE-2017-15107.json
+++ b/2017/15xxx/CVE-2017-15107.json
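Review bot: After the `@@ -64,39 +64,15 @@` hunk, CVE-2017-15104.json has no `impact` and no `credits` object, so the record loses its severity score and only a reordered reference list remains. I would keep the scoring block, at minimum `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"` with `"baseScore": 5.5` and `"version": "3.0"`. The deletion-only hunks `@@ -1184,39 +64,11 @@` (the preceding file, base 6.1) and `@@ -70,29 +70,5 @@` in CVE-2017-15103.json (base 8.8) drop the same block. Tooling that reads `impact.cvss` from these files should treat the missing key as unscored, not as low severity.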
@@ -1,36 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2018-01-19T00:00:00",
 "ID": "CVE-2017-15107",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "dnsmasq",
- "version": {
- "version_data": [
- {
- "version_value": "up to and including 2.78"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Simon Kelley"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -45,28 +21,53 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-358"
+ "value": "CWE-358",
+ "cweId": "CWE-358"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Simon Kelley",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "dnsmasq",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "up to and including 2.78"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[dnsmasq-discuss] 20180119 DNSSEC security fix.",
- "refsource": "MLIST",
- "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html"
 },
 {
- "name": "102812",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/102812"
+ "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html",
+ "refsource": "MISC",
+ "name": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html"
 },
 {
- "refsource": "SUSE",
- "name": "openSUSE-SU-2019:2669",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html"
+ "url": "http://www.securityfocus.com/bid/102812",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/102812"
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0795.json b/2023/0xxx/CVE-2023-0795.json
new file mode 100644
index 00000000000..8dd1324e4f2
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0795.json
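Review bot: In the `affects` block added by the `@@ -45,28 +21,53 @@` hunk, `"version_affected": "="` is paired with the free-text value `"up to and including 2.78"`, which is a range written in words, so an exact-match comparison against an installed dnsmasq version can never succeed. The operator should carry the range and the value should be a bare version: `"version_affected": "<=", "version_value": "2.78"`. The hunk that ends just before `@@ -1184,39 +64,11 @@` has the same shape (`"="` with `"1.2 and later, a fix is planned for 1.16.0"`). Separately, every `refsource` in this hunk becomes `"MISC"` and the advisory identifier `openSUSE-SU-2019:2669` disappears from `name`, so filtering references by source type no longer works on this record.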
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0795",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file