"-Synchronized-Data."

CVE Team 2023-02-13 04:01:20 +00:00
parent f42d149bda
commit a7d350d2a5
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
36 changed files with 1505 additions and 3204 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4388",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398."
"value": "The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398."
}
]
},
@ -50,62 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://security-tracker.debian.org/tracker/CVE-2012-4388",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2012-4388"
},
{
"name": "[oss-security] 20120905 Re: php header() header injection detection bypass",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/09/05/15"
},
{
"name": "1027463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027463"
},
{
"name": "[oss-security] 20120906 Re: Re: php header() header injection detection bypass",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/09/07/3"
},
{
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986"
},
{
"name": "https://bugs.php.net/bug.php?id=60227",
"url": "http://www.ubuntu.com/usn/USN-1569-1",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=60227"
"name": "http://www.ubuntu.com/usn/USN-1569-1"
},
{
"name": "[oss-security] 20120829 php header() header injection detection bypass",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/29/5"
"url": "http://article.gmane.org/gmane.comp.php.devel/70584",
"refsource": "MISC",
"name": "http://article.gmane.org/gmane.comp.php.devel/70584"
},
{
"name": "[oss-security] 20120901 Re: php header() header injection detection bypass",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/09/02/1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"name": "SUSE-SU-2013:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
"url": "http://openwall.com/lists/oss-security/2012/08/29/5",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2012/08/29/5"
},
{
"name": "[internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.php.devel/70584"
"url": "http://openwall.com/lists/oss-security/2012/09/02/1",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2012/09/02/1"
},
{
"name": "USN-1569-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1569-1"
"url": "http://openwall.com/lists/oss-security/2012/09/05/15",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2012/09/05/15"
},
{
"url": "http://openwall.com/lists/oss-security/2012/09/07/3",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2012/09/07/3"
},
{
"url": "http://security-tracker.debian.org/tracker/CVE-2012-4388",
"refsource": "MISC",
"name": "http://security-tracker.debian.org/tracker/CVE-2012-4388"
},
{
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986",
"refsource": "MISC",
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986"
},
{
"url": "http://www.securitytracker.com/id?1027463",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027463"
},
{
"url": "https://bugs.php.net/bug.php?id=60227",
"refsource": "MISC",
"name": "https://bugs.php.net/bug.php?id=60227"
}
]
}
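Review bot: The url-first entries in `reference_data`, which read as the new side of this CVE-2012-4388 record (the rendering has lost the +/- column), all carry `"refsource": "MISC"` and repeat the URL as `name`, so the typed sources (`CONFIRM`, `MLIST`, `SECTRACK`, `SUSE`, `UBUNTU`) and the advisory identifiers `USN-1569-1` and `SUSE-SU-2013:1315` no longer appear in the record. Tooling that correlates CVEs with vendor advisories by `name`/`refsource` will stop matching these entries and has to parse the URL instead. I would keep the identifier where one existed, e.g. `"refsource": "UBUNTU", "name": "USN-1569-1"` on the `http://www.ubuntu.com/usn/USN-1569-1` entry. The same flattening shows in the CVE-2012-4398, CVE-2012-4404, CVE-2012-4414, CVE-2012-4415 and CVE-2012-4418 sections below.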


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4398",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[linux-kernel] 20120207 [PATCH 5/5] kmod: make __request_module() killable",
"refsource": "MLIST",
"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "RHSA-2013:0223",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0223.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2"
"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html",
"refsource": "MISC",
"name": "http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html"
},
{
"name": "[oss-security] 20120902 CVE Request -- kernel: request_module() OOM local DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/3"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0223.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0223.html"
},
{
"name": "55077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55077"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1348.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1348.html"
},
{
"name": "RHSA-2013:1348",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1348.html"
"url": "http://secunia.com/advisories/55077",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55077"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/02/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=853474",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=853474"
"url": "http://www.securityfocus.com/bid/55361",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55361"
},
{
"name": "55361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55361"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=853474",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=853474"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4404",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-1604-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1604-1"
"url": "http://moinmo.in/SecurityFixes",
"refsource": "MISC",
"name": "http://moinmo.in/SecurityFixes"
},
{
"name": "50496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50496"
"url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16",
"refsource": "MISC",
"name": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
"url": "http://secunia.com/advisories/50474",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50474"
},
{
"name": "DSA-2538",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2538"
"url": "http://secunia.com/advisories/50496",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50496"
},
{
"name": "[oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/04/4"
"url": "http://secunia.com/advisories/50885",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50885"
},
{
"name": "50885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50885"
"url": "http://www.debian.org/security/2012/dsa-2538",
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2538"
},
{
"name": "50474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50474"
"url": "http://www.openwall.com/lists/oss-security/2012/09/04/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/04/4"
},
{
"name": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16"
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/05/2"
},
{
"name": "[oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/2"
"url": "http://www.ubuntu.com/usn/USN-1604-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1604-1"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write"
"value": "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:8.70-14.el5_8.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:8.70-14.el6_3.1",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -130,21 +118,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1581-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1256",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1256"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-4405",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4405"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854227",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=854227"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411",
"refsource": "MISC",
@ -156,30 +129,5 @@
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}
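Review bot: The new side of the CVE-2012-4405 record drops its machine-readable classification: the problemtype goes from `"value": "Out-of-bounds Write"` with `"cweId": "CWE-787"` to `"value": "n/a"`, the Red Hat product entries with their package versions collapse to `"vendor_name": "n/a"`, and the whole `impact.cvss` block (base score 6.8, `AV:N/AC:M/Au:N/C:P/I:P/A:P`) is removed; the hunk counts `-21,8 +21,7` and `-156,30 +129,5` fit this reading. Scanners and triage rules keyed on CWE or CVSS will then treat the entry as unclassified although the description still states a heap-based buffer overflow. I would keep at least `"cweId": "CWE-787"` and the `vectorString` line when the free-text description is updated. The CVE-2012-4406 section (`CWE-502`, base score 7.5) and the CVE-2012-4417 section (`CWE-377`, plus the `credits` entry) lose the same fields.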


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2012-4406 Openstack-Swift: insecure use of python pickle()"
"value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data",
"cweId": "CWE-502"
"value": "n/a"
}
]
}
@ -32,96 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 5 for Red Hat Storage",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.7rhs-1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.7rhs-1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "OpenStack Essex for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:1.4.8-5.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Storage 2.0",
"version": {
"version_data": [
{
"version_value": "0:1.7.1-1.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:0.9.0-1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.3.0.7rhs-1.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:1.4.8-5.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:0.9.10-21.el6_3.8",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-73.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:2.3-4.el6_3",
"version_affected": "!"
},
{
"version_value": "0:2.2-17.2.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:4.9.6-20.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Storage 2.0 Console",
"version": {
"version_data": [
{
"version_value": "0:2.0.techpreview1-4",
"version_affected": "!"
},
{
"version_value": "0:4.9.6-20.el6rhs",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -139,11 +58,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0691",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0691"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html",
"refsource": "MISC",
@ -169,26 +83,11 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55420"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1379",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1379"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-4406",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4406"
},
{
"url": "https://bugs.launchpad.net/swift/+bug/1006414",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140",
"refsource": "MISC",
@ -203,31 +102,11 @@
"url": "https://launchpad.net/swift/+milestone/1.7.0",
"refsource": "MISC",
"name": "https://launchpad.net/swift/+milestone/1.7.0"
}
]
},
"impact": {
"cvss": [
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4414",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete."
"value": "Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete."
}
]
},
@ -50,67 +27,91 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://mariadb.atlassian.net/browse/MDEV-382",
"refsource": "CONFIRM",
"url": "https://mariadb.atlassian.net/browse/MDEV-382"
},
{
"name": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"refsource": "MISC",
"url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/"
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "MDVSA-2013:102",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
},
{
"name": "openSUSE-SU-2013:0156",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
},
{
"name": "openSUSE-SU-2013:0135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
},
{
"name": "openSUSE-SU-2013:0014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
},
{
"name": "[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=852144",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144"
},
{
"name": "http://bugs.mysql.com/bug.php?id=66550",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=66550"
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
"url": "http://bugs.mysql.com/bug.php?id=66550",
"refsource": "MISC",
"name": "http://bugs.mysql.com/bug.php?id=66550"
},
{
"name": "55498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55498"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
},
{
"url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/",
"refsource": "MISC",
"name": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/11/4"
},
{
"url": "http://www.securityfocus.com/bid/55498",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55498"
},
{
"url": "https://mariadb.atlassian.net/browse/MDEV-382",
"refsource": "MISC",
"name": "https://mariadb.atlassian.net/browse/MDEV-382"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=852144"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4415",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "55497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55497"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856743",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856743"
"name": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html"
},
{
"name": "[oss-security] 20120911 Re: CVE id request: guacd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/7"
"url": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac",
"refsource": "MISC",
"name": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac"
},
{
"name": "FEDORA-2012-14097",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html"
},
{
"name": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac",
"refsource": "CONFIRM",
"url": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html"
},
{
"name": "[oss-security] 20120911 CVE id request: guacd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/3"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html"
},
{
"name": "FEDORA-2012-13914",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html"
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/11/3"
},
{
"name": "FEDORA-2012-14179",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html"
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/11/7"
},
{
"name": "20120924 CVE-2012-4415: guacamole local root vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html"
"url": "http://www.securityfocus.com/bid/55497",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55497"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856743",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856743"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2012-4417 GlusterFS: insecure temporary file creation"
"value": "GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Insecure Temporary File",
"cweId": "CWE-377"
"value": "n/a"
}
]
}
@ -32,42 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 5 for Red Hat Storage",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.5rhs-37.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.5rhs-37.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Storage 2.0",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.5rhs-37.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:2.2-17.1.el6rhs",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -96,55 +69,14 @@
"name": "http://www.securitytracker.com/id?1027756"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1456",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1456"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-4417",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4417"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856341",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856341"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jim Meyering and Kurt Seifried (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4418",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120912 Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/1"
},
{
"name": "[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/12/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856755",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755"
},
{
"name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf",
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf",
"refsource": "MISC",
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
"name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
},
{
"name": "55508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55508"
"url": "http://www.openwall.com/lists/oss-security/2012/09/12/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/12/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/13/1"
},
{
"url": "http://www.securityfocus.com/bid/55508",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55508"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856755"
}
]
}
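Review bot: The rewritten `reference_data` entries in this CVE-2012-4418 record all carry `"refsource": "MISC"` and repeat the URL as `name`, so the typed sources visible in the older entries (`MLIST`, `CONFIRM`, `BID`) can no longer be told apart. The +/- column is lost on this page and the old/new sides are inferred from the key order, but if that reading is right, a consumer that filters on `refsource` to find vendor confirmation or advisory identifiers gets nothing from the new record. I would keep the typed form, e.g. `"name": "55508", "refsource": "BID"` and `"refsource": "CONFIRM"` on the bugzilla.redhat.com entry. The same flattening shows in the CVE-2013-1828, -1838, -1839, -1840, -1841, -1848 and -1858 sections, including the `EXPLOIT-DB` entry in CVE-2013-1828.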


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1828",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,47 +27,71 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://twitter.com/grsecurity/statuses/309805924749541376",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1",
"refsource": "MISC",
"url": "http://twitter.com/grsecurity/statuses/309805924749541376"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1"
},
{
"name": "24747",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24747"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=919315",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919315"
},
{
"name": "[oss-security] 20130307 Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/08/2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
},
{
"name": "http://grsecurity.net/~spender/sctp.c",
"url": "http://grsecurity.net/~spender/sctp.c",
"refsource": "MISC",
"url": "http://grsecurity.net/~spender/sctp.c"
"name": "http://grsecurity.net/~spender/sctp.c"
},
{
"name": "https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1"
"url": "http://twitter.com/grsecurity/statuses/309805924749541376",
"refsource": "MISC",
"name": "http://twitter.com/grsecurity/statuses/309805924749541376"
},
{
"url": "http://www.exploit-db.com/exploits/24747",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/24747"
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/03/08/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/08/2"
},
{
"url": "https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919315",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=919315"
}
]
}
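Review bot: The git.kernel.org reference in CVE-2013-1828 now has its query separators percent-encoded (`linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1`), where the older entry used literal `;`. gitweb separates its parameters with `;`, so the encoded form is likely read as one long `p` value and would no longer point at the fix commit. Keep the separators literal: `"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1"`. The same encoding appears in the CVE-2013-1848 and CVE-2013-1858 sections.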


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1838",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,77 +27,101 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"name": "58492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58492"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1125468",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"name": "USN-1771-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"name": "https://review.openstack.org/#/c/24453/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/24453/"
},
{
"name": "52728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52728"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=919648",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"name": "52580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52580"
"url": "http://secunia.com/advisories/52728",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52728"
},
{
"name": "91303",
"refsource": "OSVDB",
"url": "http://osvdb.org/91303"
"url": "http://osvdb.org/91303",
"refsource": "MISC",
"name": "http://osvdb.org/91303"
},
{
"name": "https://review.openstack.org/#/c/24452/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/24452/"
"url": "http://secunia.com/advisories/52580",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52580"
},
{
"name": "nova-fixedips-dos(82877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
"url": "http://ubuntu.com/usn/usn-1771-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1771-1"
},
{
"name": "RHSA-2013:0709",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
},
{
"name": "https://review.openstack.org/#/c/24451/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/24451/"
"url": "http://www.securityfocus.com/bid/58492",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58492"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
"url": "https://bugs.launchpad.net/nova/+bug/1125468",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"url": "https://lists.launchpad.net/openstack/msg21892.html",
"refsource": "MISC",
"name": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"url": "https://review.openstack.org/#/c/24451/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/24451/"
},
{
"url": "https://review.openstack.org/#/c/24452/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/24452/"
},
{
"url": "https://review.openstack.org/#/c/24453/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/24453/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
}
]
}
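Review bot: The added `affects` block in CVE-2013-1838 pairs `"version_affected": "="` with `"version_value": "n/a"`, which states an exact match against a placeholder rather than an unknown version. A scanner that evaluates the operator could either match nothing or treat `n/a` as a real version string. The earlier form of the record carried only `"version_value": "n/a"`; I would keep that and leave the operator out until a real version is known. Every complete record in this part of the commit gets the same pair.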


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1839",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "58316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58316"
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html"
},
{
"name": "52588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52588"
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt"
"url": "http://secunia.com/advisories/52588",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52588"
},
{
"name": "20130305 Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html"
"url": "http://www.openwall.com/lists/oss-security/2013/03/11/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/11/7"
},
{
"name": "20130307 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html"
"url": "http://www.securityfocus.com/bid/58316",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58316"
},
{
"name": "[oss-security] 20130311 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/11/7"
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt",
"refsource": "MISC",
"name": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1840",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,62 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openstack-glance-api-info-disclosure(82878)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878"
"url": "http://osvdb.org/91304",
"refsource": "MISC",
"name": "http://osvdb.org/91304"
},
{
"name": "https://review.openstack.org/#/c/24437/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/24437/"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0707.html"
},
{
"name": "USN-1764-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1764-1"
"url": "http://secunia.com/advisories/52565",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52565"
},
{
"name": "https://review.openstack.org/#/c/24438/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/24438/"
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/14/15"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1135541",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1135541"
"url": "http://www.securityfocus.com/bid/58490",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58490"
},
{
"name": "52565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52565"
"url": "http://www.ubuntu.com/usn/USN-1764-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1764-1"
},
{
"name": "RHSA-2013:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html"
"url": "https://bugs.launchpad.net/glance/+bug/1135541",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/glance/+bug/1135541"
},
{
"name": "91304",
"refsource": "OSVDB",
"url": "http://osvdb.org/91304"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/15"
"url": "https://review.openstack.org/#/c/24437/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/24437/"
},
{
"name": "58490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58490"
"url": "https://review.openstack.org/#/c/24438/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/24438/"
},
{
"name": "https://review.openstack.org/#/c/24439/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/24439/"
"url": "https://review.openstack.org/#/c/24439/",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/24439/"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1841",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=920683",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920683"
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/04/10"
},
{
"name": "58309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58309"
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/12/2"
},
{
"name": "[oss-security] 20130304 Reverse lookup issue in Net::Server",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/10"
"url": "http://www.securityfocus.com/bid/58309",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58309"
},
{
"name": "[oss-security] 20130311 Re: Reverse lookup issue in Net::Server",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/2"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900"
},
{
"name": "netserver-cve20131841-security-bypass(82900)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920683",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=920683"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1848",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,82 +27,106 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name": "USN-1812-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1812-1"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
},
{
"name": "RHSA-2013:1051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
},
{
"name": "RHSA-2013:0928",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
"url": "http://www.ubuntu.com/usn/USN-1809-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1809-1"
},
{
"name": "USN-1809-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1809-1"
"url": "http://www.ubuntu.com/usn/USN-1812-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1812-1"
},
{
"name": "USN-1814-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1814-1"
"url": "http://www.ubuntu.com/usn/USN-1813-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1813-1"
},
{
"name": "[oss-security] 20130320 CVE-2013-1848 -- Linux kernel: ext3: format string issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/20/8"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
},
{
"name": "USN-1813-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1813-1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc"
},
{
"name": "openSUSE-SU-2013:0925",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc"
"url": "http://www.openwall.com/lists/oss-security/2013/03/20/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/20/8"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
"url": "http://www.ubuntu.com/usn/USN-1811-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1811-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=920783",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920783"
"url": "http://www.ubuntu.com/usn/USN-1814-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1814-1"
},
{
"name": "RHSA-2013:1026",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
"url": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc"
},
{
"name": "USN-1811-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1811-1"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920783",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=920783"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected."
"value": "The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "n/a"
}
]
}
@ -32,55 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Subscription Asset Manager 1.4",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.4.3.28-1.el6sam_splice",
"version_affected": "!"
},
{
"version_value": "1:3.2.17-1.el6sam",
"version_affected": "!"
},
{
"version_value": "1:3.2.17-6.el6sam",
"version_affected": "!"
},
{
"version_value": "1:3.2.17-5.el6sam",
"version_affected": "!"
},
{
"version_value": "1:3.2.17-2.el6sam",
"version_affected": "!"
},
{
"version_value": "0:0.6.9-1.el6sam",
"version_affected": "!"
},
{
"version_value": "0:2.5.4-1.el6sam",
"version_affected": "!"
},
{
"version_value": "1:1.4.5-3.el6sam",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEL 6 Version of OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "1:3.2.8-6.el6",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -148,56 +108,11 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0699",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0699"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1863",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1863"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1854",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1854"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=921329"
},
{
"url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain",
"refsource": "MISC",
"name": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
}
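Review bot: Going by the hunk counts (`@ -21,8 +21,7`, `@ -32,55 +31,16`, `@ -148,56 +108,11`), this CVE-2013-1854 change removes the `"cweId": "CWE-400"` classification, the Red Hat product and package-version entries, the access.redhat.com references and the whole CVSS v2 `impact` block, leaving `n/a` in their place. That reduces what triage tooling can do with the record: no weakness class, no score or vector, and no package versions to compare against. If the sync must overwrite the CNA-enriched fields, I would at least carry over `"cweId": "CWE-400"` and `"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P"`. The +/- column is lost on this page, so the sides are inferred from those counts.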


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1858",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
},
{
"name": "[oss-security] 20130314 Re: CLONE_NEWUSER|CLONE_FS root exploit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/6"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"
},
{
"name": "http://stealth.openwall.net/xSports/clown-newuser.c",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3",
"refsource": "MISC",
"url": "http://stealth.openwall.net/xSports/clown-newuser.c"
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"
},
{
"name": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=921448",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921448"
"url": "http://stealth.openwall.net/xSports/clown-newuser.c",
"refsource": "MISC",
"name": "http://stealth.openwall.net/xSports/clown-newuser.c"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/14/6"
},
{
"url": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921448",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=921448"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1860",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,82 +27,106 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=921970",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
"url": "http://www.ubuntu.com/usn/USN-1809-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1809-1"
},
{
"name": "USN-1812-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1812-1"
"url": "http://www.ubuntu.com/usn/USN-1812-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1812-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0f5ecee4e741667b2493c742b60b6218d40b3aa",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0f5ecee4e741667b2493c742b60b6218d40b3aa"
"url": "http://www.ubuntu.com/usn/USN-1813-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1813-1"
},
{
"name": "RHSA-2014:0328",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
"url": "http://www.ubuntu.com/usn/USN-1829-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1829-1"
},
{
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
},
{
"name": "USN-1829-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1829-1"
"url": "http://www.ubuntu.com/usn/USN-1811-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1811-1"
},
{
"name": "[oss-security] 20130314 Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/15/3"
"url": "http://www.ubuntu.com/usn/USN-1814-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1814-1"
},
{
"name": "58510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58510"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa"
},
{
"name": "USN-1809-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1809-1"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
},
{
"name": "USN-1814-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1814-1"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
},
{
"name": "RHSA-2014:0339",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
"url": "http://www.openwall.com/lists/oss-security/2013/03/15/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/15/3"
},
{
"name": "USN-1813-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1813-1"
"url": "http://www.securityfocus.com/bid/58510",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58510"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
"url": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa"
},
{
"name": "USN-1811-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1811-1"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
}
]
}
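Review bot: The rewritten `reference_data` entries set every `refsource` to `MISC` and copy the URL into `name`, which drops the advisory identifiers (`USN-1812-1`, `RHSA-2014:0328`, `MDVSA-2013:176`, BID `58510`) and the `CONFIRM` marking on the kernel commit and Red Hat Bugzilla links. Tooling that correlates on advisory IDs or treats `CONFIRM` as the vendor-acknowledged fix loses that signal; keeping the original pair, e.g. `"refsource": "UBUNTU", "name": "USN-1812-1"`, would preserve it. The git.kernel.org URL also has its `;` separators rewritten to `%3B`, which changes the query string and may no longer resolve to the commit. The page has lost its `+`/`-` markers, so old versus new is inferred from the hunk counts; the same flattening appears in the sections for CVE-2013-4351, -4354, -4359, -4361, -4362, -4364, -4368 and -4369.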


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4351",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138",
"refsource": "CONFIRM",
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
},
{
"name": "openSUSE-SU-2013:1532",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html"
},
{
"name": "USN-1987-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1987-1"
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html"
},
{
"name": "DSA-2773",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2773"
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138",
"refsource": "MISC",
"name": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138"
},
{
"name": "[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/13/4"
"url": "http://ubuntu.com/usn/usn-1987-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1987-1"
},
{
"name": "RHSA-2013:1459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
"url": "http://www.debian.org/security/2013/dsa-2773",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2773"
},
{
"name": "openSUSE-SU-2013:1526",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html"
"url": "http://www.debian.org/security/2013/dsa-2774",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2774"
},
{
"name": "DSA-2774",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2774"
"url": "http://www.openwall.com/lists/oss-security/2013/09/13/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/13/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4354",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130919 Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
"url": "http://www.openwall.com/lists/oss-security/2013/09/19/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1226078",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1226078"
"url": "http://www.openwall.com/lists/oss-security/2013/09/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
},
{
"name": "[oss-security] 20130919 OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
"url": "https://bugs.launchpad.net/glance/+bug/1226078",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/glance/+bug/1226078"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4357",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "eglibc",
"product": {
"product_data": [
{
"product_name": "eglibc",
"version": {
"version_data": [
{
"version_value": "before 2.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "eglibc",
"product": {
"product_data": [
{
"product_name": "eglibc",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before 2.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4357",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4357"
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/01/28/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/21",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/02/24/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/24/3"
},
{
"url": "http://www.securityfocus.com/bid/67992",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67992"
},
{
"url": "http://www.ubuntu.com/usn/USN-2306-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2306-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-2"
},
{
"url": "http://www.ubuntu.com/usn/USN-2306-3",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-3"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4357",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4357"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357",
@ -68,64 +119,14 @@
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4357",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4357"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4357",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/28/18",
"url": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/29/21",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/24/3",
"url": "http://www.openwall.com/lists/oss-security/2015/02/24/3"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/4",
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/4"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/8",
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/8"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67992",
"url": "http://www.securityfocus.com/bid/67992"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-1",
"url": "http://www.ubuntu.com/usn/USN-2306-1"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-2",
"url": "http://www.ubuntu.com/usn/USN-2306-2"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-3",
"url": "http://www.ubuntu.com/usn/USN-2306-3"
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4357"
}
]
}
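Review bot: The added `"version_affected": "="` sits next to `"version_value": "before 2.14"`, so a consumer doing the exact match the operator asks for will compare against the literal string and never flag an affected eglibc build. Expressing the range in the operator, `"version_affected": "<"` with `"version_value": "2.14"`, keeps the record machine-usable. The same `=` is paired with `n/a` in the other CVE-2013 sections on this page and with `All versions from 4.0.0 onwards` in CVE-2018-14628, where `"?"` or `">="` with `4.0.0` would state what is actually known.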


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4359",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3973",
"refsource": "MISC",
"url": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/"
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3973"
},
{
"name": "[oss-security] 20130916 Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/6"
"url": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/",
"refsource": "MISC",
"name": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/"
},
{
"name": "DSA-2767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2767"
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html"
},
{
"name": "openSUSE-SU-2015:1031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html"
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html"
},
{
"name": "openSUSE-SU-2013:1563",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html"
"url": "http://www.debian.org/security/2013/dsa-2767",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2767"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3973",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3973"
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/6"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4361",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
"url": "http://www.debian.org/security/2014/dsa-3006",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3006"
},
{
"name": "[oss-security] 20130930 Xen Security Advisory 66 (CVE-2013-4361) - Information leak through fbld instruction emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/30/3"
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
},
{
"name": "DSA-3006",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3006"
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "openSUSE-SU-2013:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
"url": "http://www.openwall.com/lists/oss-security/2013/09/30/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/30/3"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4362",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-2765",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2765"
"url": "http://osvdb.org/97416",
"refsource": "MISC",
"name": "http://osvdb.org/97416"
},
{
"name": "97417",
"refsource": "OSVDB",
"url": "http://osvdb.org/97417"
"url": "http://osvdb.org/97417",
"refsource": "MISC",
"name": "http://osvdb.org/97417"
},
{
"name": "97416",
"refsource": "OSVDB",
"url": "http://osvdb.org/97416"
"url": "http://savannah.nongnu.org/bugs/?40034",
"refsource": "MISC",
"name": "http://savannah.nongnu.org/bugs/?40034"
},
{
"name": "GLSA-201612-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-02"
"url": "http://seclists.org/oss-sec/2013/q3/627",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/627"
},
{
"name": "[oss-security] 20130918 Re: CVE request: davfs2 - Unsecure use of system()",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/627"
"url": "http://www.debian.org/security/2013/dsa-2765",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2765"
},
{
"name": "http://savannah.nongnu.org/bugs/?40034",
"refsource": "CONFIRM",
"url": "http://savannah.nongnu.org/bugs/?40034"
"url": "http://www.securityfocus.com/bid/62445",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62445"
},
{
"name": "62445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62445"
"url": "https://security.gentoo.org/glsa/201612-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201612-02"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4364",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4368",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2014:0470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
},
{
"name": "[oss-security] 20131010 Xen Security Advisory 67 (CVE-2013-4368) - Information leak through outs instruction emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/10"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
},
{
"name": "xen-cve20134368-info-disc(87799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87799"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
},
{
"name": "RHSA-2013:1449",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
"url": "http://www.debian.org/security/2014/dsa-3006",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3006"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
},
{
"name": "DSA-3006",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3006"
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "SUSE-SU-2014:0411",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/10/10/10"
},
{
"name": "openSUSE-SU-2013:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87799",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87799"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4369",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "xen-cve20134369-dos(87798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87798"
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/10/10/11"
},
{
"name": "[oss-security] 20131010 Xen Security Advisory 68 (CVE-2013-4369) - possible null dereference when parsing vif ratelimiting info",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/11"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87798",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87798"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory."
"value": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"value": "CWE-416",
"cweId": "CWE-416"
}
]
@ -32,24 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-1062.rt56.1022.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1062.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.16.1.el7a",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -97,16 +89,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4154"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-14625",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14625"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619846",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1619846"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625",
"refsource": "MISC",
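Review bot: The `affects` block now names vendor `[UNKNOWN]`, product `kernel` and version `n/a` in place of the Red Hat Enterprise Linux 7 entry that listed the unaffected builds `0:3.10.0-1062.rt56.1022.el7`, `0:3.10.0-1062.el7` and `0:4.14.0-115.16.1.el7a` with `"version_affected": "!"`. That removes the only fixed-version data a scanner could use to clear patched hosts, and the last hunk also drops the `access.redhat.com/security/cve/CVE-2018-14625` and Bugzilla `1619846` references. Keeping the three `!` entries alongside the generic product would retain the remediation boundary. Old and new sides are inferred from the hunk line counts because the `+`/`-` column is missing on this page.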


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-14628",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions from 4.0.0 onwards"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13595",
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=13595",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13595"
"name": "https://bugzilla.samba.org/show_bug.cgi?id=13595"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system."
"value": "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound",
"value": "CWE-190",
"cweId": "CWE-190"
}
]
@ -32,152 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Linux Foundation",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-754.6.3.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.94.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.93.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.76.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.76.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.65.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.14.4.rt56.821.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-862.14.4.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.76.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.76.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.76.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.61.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.43.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.43.1.rt56.630.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "2.6.x, 3.10.x, 4.14.x"
}
]
}
@ -270,21 +134,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3643"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-14634",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14634"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy",
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624498",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1624498"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634",
"refsource": "MISC",
@ -317,18 +166,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "To mitigate the issue:\n\nEnable and install kernel-debuginfo packages as per https://access.redhat.com/solutions/666123\n\n1) On the host, save the following in a file with the \".stp\" extension:\n\n// CVE-2018-14634\n//\n// Theory of operations: adjust the thread's # rlimit-in-effect around\n// calls to the vulnerable get_arg_page() function so as to encompass\n// the newly required _STK_LIM / 4 * 3 maximum.\n\n// Complication: the rlimit is stored in a current-> structure that\n// is shared across the threads of the process. They may concurrently\n// invoke this operation.\n\nfunction clamp_stack_rlim_cur:long ()\n%{\n struct rlimit *rlim = current->signal->rlim;\n unsigned long rlim_cur = READ_ONCE(rlim[RLIMIT_STACK].rlim_cur);\n\n unsigned long limit = _STK_LIM / 4 * 3;\n limit *= 4; // multiply it back up, to the scale used by rlim_cur\n\n if (rlim_cur > limit) {\n WRITE_ONCE(rlim[RLIMIT_STACK].rlim_cur, limit);\n STAP_RETURN(limit);\n } else\n STAP_RETURN(0);\n%}\n\nprobe kernel.function(\"copy_strings\").call\n{\n l = clamp_stack_rlim_cur()\n if (l)\n printf(\"lowered process %s(%d) STACK rlim_cur to %p\\n\",\n execname(), pid(), l)\n}\n\nprobe begin {\n\tprintf(\"CVE-2018-14634 mitigation loaded\\n\")\n\n}\n\nprobe end {\n\tprintf(\"CVE-2018-14634 mitigation unloaded\\n\")\n}\n\n2) Install the \"systemtap\" package and any required dependencies. Refer\nto the \"2. 
Using SystemTap\" chapter in the Red Hat Enterprise Linux\n\"SystemTap Beginners Guide\" document, available from docs.redhat.com,\nfor information on installing the required -debuginfo and matching kernel-devel packages\n\n3) Run the \"stap -g [filename-from-step-1].stp\" command as root.\n\nIf the host is rebooted, the changes will be lost and the script must be\nrun again.\n\n\nAlternatively, build the systemtap script on a development system with\n\"stap -g -p 4 [filename-from-step-1].stp\", distribute the resulting\nkernel module to all affected systems, and run \"staprun -L <module>\" on those.\nWhen using this approach only systemtap-runtime package is required on\nthe affected systems. Please notice that the kernel version must be the same\nacross all systems.\n\n\nThis may not be a suitable workaround if your application uses massive amounts of stack space. Please consider this if there are any adverse affects when running this mitigation."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Research Labs for reporting this issue."
}
],
"impact": {
"cvss": [
{
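Review bot: The last hunk drops the whole `work_around` array, and the references hunk before it drops `https://access.redhat.com/security/vulnerabilities/mutagen-astronomy` and `https://access.redhat.com/security/cve/CVE-2018-14634`. The record therefore no longer points to any mitigation for hosts that cannot take the kernel update yet. If the workaround text cannot stay in this format, I would at least retain the `"url": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy"` entry in `reference_data`. The per-product entries marked `"version_affected": "!"`, which look like the fixed package builds, are also replaced by one free-text entry, so patch-verification tooling has nothing left to compare against. The CVE-2018-14649 record further down loses its `work_around` block in the same way; sides here are inferred from the hunk line counts.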


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges."
"value": "It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"value": "CWE-77",
"cweId": "CWE-77"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7",
"product_name": "ceph-iscsi-cli",
"version": {
"version_data": [
{
"version_value": "0:2.0-7.el7cp",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Ceph Storage 3.1",
"version": {
"version_data": [
{
"version_value": "0:2.7-7.el7cp",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -85,16 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2838"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-14649",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14649"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632078",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1632078"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649",
"refsource": "MISC",
@ -112,12 +91,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "To stop werkzeug debug mode started by rbd-target-api which is provided by ceph-iscsi-cli:\n\n1. ~]# systemctl stop rbd-target-api\n\n2. ~]# vi /usr/bin/rbd-target-api\n\n# Start the API server\n...\n737 app.run(host='0.0.0.0',\n738 port=settings.config.api_port,\n739 debug=True, <==== change this to debug=False\n use_evalex=False, <=== add this line to disable debugger code execution\n740 use_reloader=False,\n741 ssl_context=context)\n...\n\nafter changes it should be\n\n# Start the API server\n...\n737 app.run(host='0.0.0.0',\n738 port=settings.config.api_port,\n739 debug=False, \n use_evalex=False,\n740 use_reloader=False,\n741 ssl_context=context)\n...\n\n3. ~]# systemctl start rbd-target-api\n\n4. Limit exposure of port 5000/tcp: This port should be opened to trusted hosts which require to run 'gwcli'."
}
],
"impact": {
"cvss": [
{
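Review bot: The rewritten description in the first hunk spells the package `ceph-isci-cli` three times, while `product_name` in the same record is `ceph-iscsi-cli`, so a text search or asset match on the real package name misses the description. It should read `ceph-iscsi-cli` throughout, and the stray dash in `In - Red Hat Ceph Storage 2 and 3` should go. The new `"vendor_name": "[UNKNOWN]"` with `"version_value": "n/a"` also replaces the two Red Hat Ceph Storage product entries, leaving the errata references as the only place to find fixed versions.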



@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-02-25T00:00:00",
"ID": "CVE-2018-1098",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "etcd",
"version": {
"version_data": [
{
"version_value": "3.3.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,33 +21,58 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "CWE-352",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "etcd",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.3.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714"
"url": "https://github.com/coreos/etcd/issues/9353",
"refsource": "MISC",
"name": "https://github.com/coreos/etcd/issues/9353"
},
{
"name": "https://github.com/coreos/etcd/issues/9353",
"refsource": "CONFIRM",
"url": "https://github.com/coreos/etcd/issues/9353"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-833466697f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-219b0b0b6a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714"
}
]
}
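Review bot: The two Fedora references in the last hunk lose their advisory identifiers: entries that carried `"refsource": "FEDORA"` with `"name": "FEDORA-2019-833466697f"` and `"name": "FEDORA-2019-219b0b0b6a"` now have `"refsource": "MISC"` and the URL repeated as `name`. Anyone correlating this CVE with distribution advisories by ID has to parse the mailing-list URL instead, and the `CONFIRM` tag on the vendor bug and the upstream issue is flattened to `MISC` as well. I would keep the advisory ID in `name`, e.g. `"name": "FEDORA-2019-833466697f"`, alongside the new URL. The CVE-2018-1114 record below shows the same flattening for its `REDHAT` entries such as `RHSA-2018:2669`.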


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom \"you have new mail\" message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation."
"value": "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
"value": "CWE-120->CWE-121",
"cweId": "CWE-120"
}
]
}
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "zsh",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "zsh",
"version": {
"version_data": [
{
"version_value": "0:4.3.11-8.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:5.0.2-31.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "through 5.4.2"
}
]
}
@ -85,16 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1100",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1100"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395"
},
{
"url": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/",
"refsource": "MISC",
@ -104,30 +83,11 @@
"url": "https://usn.ubuntu.com/3764-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3764-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Richard Maciel Costa (Red Hat)."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395"
}
]
}
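Review bot: The new problem type in the second hunk is internally inconsistent. `"value": "CWE-120->CWE-121"` is chain notation rather than a single identifier, and `"cweId": "CWE-120"` is the generic overflow class, while the new description in the first hunk says stack-based buffer overflow, which the previous `"cweId": "CWE-121"` matched. I would use `"value": "CWE-121"` with `"cweId": "CWE-121"` so that CWE-based filtering keeps matching the record. The last hunk also appears to drop the `impact` block with the CVSS 3.0 vector (base score 7.5), leaving consumers without a severity for prioritisation; that is inferred from the hunk line counts.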


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1114",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,59 +15,92 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114"
},
{
"name": "RHSA-2018:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "RHSA-2018:2643",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2643"
},
{
"name": "https://issues.jboss.org/browse/UNDERTOW-1338",
"url": "https://access.redhat.com/errata/RHSA-2018:2643",
"refsource": "MISC",
"url": "https://issues.jboss.org/browse/UNDERTOW-1338"
"name": "https://access.redhat.com/errata/RHSA-2018:2643"
},
{
"name": "https://bugs.openjdk.java.net/browse/JDK-6956385",
"url": "https://access.redhat.com/errata/RHSA-2018:2669",
"refsource": "MISC",
"url": "https://bugs.openjdk.java.net/browse/JDK-6956385"
"name": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:0877",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
"url": "https://access.redhat.com/errata/RHSA-2019:0877",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"url": "https://bugs.openjdk.java.net/browse/JDK-6956385",
"refsource": "MISC",
"name": "https://bugs.openjdk.java.net/browse/JDK-6956385"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114"
},
{
"url": "https://issues.jboss.org/browse/UNDERTOW-1338",
"refsource": "MISC",
"name": "https://issues.jboss.org/browse/UNDERTOW-1338"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
"value": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Initialization",
"value": "CWE-665",
"cweId": "CWE-665"
}
]
@ -32,24 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "kernel",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "vhost",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "since 4.8"
}
]
}
@ -82,16 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1118",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1118"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118",
"refsource": "MISC",